Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Cms Tree Page View Project Cms Tree Page View XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical Joommasters Jmspagebuilder SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Totolink X5000r Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Unauth.
Nothing flagged in this category for this digest.
PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php.
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.
Landscape's server-status page exposed sensitive system information.
There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48.
In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formal...