Active exploit activity
CVE-2022-35583 Wkhtmltopdf SSRF
- Public exploit or PoC available
- Exploit activity linked
Wkhtmltopdf SSRF now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Wkhtmltopdf SSRF now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
Atlassian Bitbucket Server And Data Center Command Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical Totolink Cp900 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file upload, which leads t...
Atlassian Bitbucket Server and Data Center Command Injection
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag...
Nothing flagged in this category for this digest.
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via...
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader fun...
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications.
baserCMS is a Content Management system.
baserCMS is a Content Management system.
Adobe ColdFusion Deserialization of Untrusted Data
PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implem...
The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update...
Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intende...