Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
TP-Link Archer AX21 Command Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.
Critical exposure
New critical Ivanti Avalanche RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739.
TP-Link Archer AX-21 Command Injection
Nothing flagged in this category for this digest.
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary...
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacke...
An unauthenticated attacker could achieve the code execution through a RemoteControl server.
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacke...
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.
Ivanti Avalanche decodeToMap XML External Entity Processing.
An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and defau...
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, co...
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.