Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Oretnom23 Service Provider Management System SQL Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical Inspireui Mstore Api Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Inspireui Mstore Api Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/vi...
Nothing flagged in this category for this digest.
This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to t...
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2.
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0.
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1.
Barracuda Networks ESG Appliance Improper Input Validation
SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution.
New critical Mitel Mivoice Connect exposure disclosed.
New critical Mitel Mivoice Connect privilege escalation disclosed.
Apache RocketMQ Command Execution
New critical Netbox exposure disclosed.