Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.
Active exploit activity
Getgreenshot Greenshot RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.
copyparty is file server software.
A vulnerability was found in mooSocial mooDating 1.2.
A vulnerability was found in mooSocial mooDating 1.2.
A vulnerability was found in mooSocial mooDating 1.2.
A vulnerability classified as problematic has been found in mooSocial mooDating 1.2.
A vulnerability classified as problematic was found in mooSocial mooDating 1.2.
A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2.
A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2.
The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, lea...
An issue was discovered in Keeper Password Manager for Desktop version 16.10.2 (fixed in 17.2), and the KeeperFill Browser Extensions ver...
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
Nothing flagged in this category for this digest.
Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specifi...
Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to pot...
webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.down...
bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolm...
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMes...
FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>.
stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2Pi...
wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution....
oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createSt...
university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.D...