Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Barracuda Networks Email Security Gateway (ESG) Appliance Command Injection is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical active threat
Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.
Critical exposure
New critical Gitlab Path Traversal (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Barracuda Networks ESG Appliance Improper Input Validation
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
Nothing flagged in this category for this digest.
Lack of length check vulnerability in the HW_KEYMASTER module.
Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php.
The facial recognition TA of some products lacks memory length verification.
The facial recognition TA of some products has the out-of-bounds memory read vulnerability.
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0.
CKAN is an open-source data management system for powering data hubs and data portals.