Critical exposure
CVE-2023-35189 Iagona ScrutisWeb Code Execution
- CVSS 10
- Remote code execution exposure
Three highest-priority changes — analyst brief, not a CVE dump.
- Critical exposure: New critical Iagona ScrutisWeb Code Execution (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
- Critical exposure: New critical Lfprojects Mlflow Path Traversal (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
- Critical exposure: New critical Locke-bot Project Locke-bot SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
An issue was discovered on atasm, version 1.09.
SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src...
Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express (component: User Account).
Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account).
An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, a...
AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header.
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated u...
Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbi...
A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4.
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.