Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.
Critical exposure
New critical Getgrav Grav RCE (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Hp Laserjet Managed Mfp E62665 3gy14a Firmware RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
Nothing flagged in this category for this digest.
A potential security vulnerability has been identified for certain HP multifunction printers (MFPs).
Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or...
PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.
PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via PostfinanceValidationModuleFrontController::postProcess().
There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0.
cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project.
Grav is a flat-file content management system.
Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the...
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=char...
Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature.