Jun 30, 2023 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
- 9 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2020-18432
Sem-cms Semcms privilege escalation
- CVSS 9.8
- Potential privilege escalation to admin/root
New critical Sem-cms Semcms privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2023-2834
Stylemixthemes Bookit Auth Bypass
- CVSS 9.8
- Internet-facing CMS deployments affected
New critical Stylemixthemes Bookit Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2023-3249
Miniorange Web3 - Crypto Wallet Login & Nft Token Gating Auth Bypass
- CVSS 9.8
- Internet-facing CMS deployments affected
New critical Miniorange Web3 - Crypto Wallet Login & Nft Token Gating Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges.
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7.
A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to th...
The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and incl...
SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3.
Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Se...
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB).
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3.
cvelogic
Threat Intelligence