Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Apache Log4j2 Deserialization is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
TP-Link Archer AX-21 Command Injection
Oracle WebLogic Server Unspecified
Apache Log4j2 Deserialization of Untrusted Data
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation.
Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing use...
Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server...
File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to fun...