Critical exposure
CVE-2023-2024 Johnsoncontrols Openblue Enterprise Manager Data Collector
- CVSS 10
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical Vibethemes Bp Social Connect Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Facebook Hermes RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user und...
An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a mali...
An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a...
A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker...
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5.
A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free a...
netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function.
An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arb...
A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990...