Jun 19, 2023 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Phpgurukul Student Study Center Management System: public exploit or PoC linked (cross-site scripting)
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2023-33580
Phpgurukul Student Study Center Management System cross-site scripting
Public exploit or PoC available
Exploit activity linked
Phpgurukul Student Study Center Management System cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
Public exploit or PoC available
Exploit activity linked
Internet-facing CMS deployments affected
WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.
Critical exposure
CVE-2023-27992
Zyxel Multiple NAS Devices Command Injection
New critical Zyxel Multiple Network-Attached Storage (NAS) Devices Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Exploit & PoC activity
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Pro...
A user can supply malicious HTML and JavaScript code that will be executed in the client browser
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password.
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
An invalid downcast from `nsHTMLDocument` to `nsIContent` could have led to undefined behavior.
Zyxel Multiple NAS Devices Command Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection.
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android.
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such...
A remote unprivileged attacker can intercept the communication via e.g.
A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication.
Improper permission control vulnerability in the Notepad app. Successful exploitation of the vulnerability may lead to privilege escalatio...
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12.
Memory safety bugs present in Firefox 113.
cvelogic
Threat Intelligence