Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Cisco Integrated Management Controller Supervisor privilege escalation now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
Wintercms Winter XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical Extremenetworks Iq Engine RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework.
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface.
Cisco Integrated Management Controller Supervisor — public exploit or PoC linked.
Nothing flagged in this category for this digest.
CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specia...
IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be expl...