Critical active threat
CVE-2023-29298 Adobe ColdFusion Improper Access Control
- Actively exploited (CISA KEV)
- Listed on CISA KEV
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Active exploit activity
Netgate Pfsense Command Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical Endonesia SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Adobe ColdFusion Improper Access Control
Adobe ColdFusion Improper Access Control
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user ses...
Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection.
Microsoft Office Elevation of Privilege Vulnerability
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute a...
Nothing flagged in this category for this digest.
SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter.
Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php.
Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlemen...
Adobe ColdFusion Deserialization of Untrusted Data
async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP packets.