Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical Pev Project Pev Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical 10web Map Builder For Google Maps SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Prestashop Dpd France SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
A Buffer Overflow vulnerabilityexists in Pev 0.81 via the pe_exports function from exports.c..
The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using t...
The Akuvox E11 secure shell (SSH) server is enabled by default and can be accessed by the root user.
The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker could download the device key file.
The Akuvox E11 web server can be accessed without any user authentication, and this could allow an attacker to access sensitive informati...
PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdfrance/ajax.php.
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload.
E-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/delete_user.php.
maddy is a composable, all-in-one mail server.
PanIndex is a network disk directory index.