Critical active threat
CVE-2022-36537 ZK Framework AuUploader Unspecified
- Actively exploited (CISA KEV)
- Listed on CISA KEV
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Critical exposure
New critical Apple Ipados Memory Corruption (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Huawei Bisheng-wnm Firmware RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
ZK Framework AuUploader Unspecified
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
A memory corruption issue was addressed with improved state management.
This issue was addressed with improved checks.
There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325.
There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325.
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability.
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability.
A buffer overflow issue was addressed with improved memory handling.
Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability.
SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter.
Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface.