Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Ivanti Sentry Auth Bypass is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical Dpic Project Dpic Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Ivanti Sentry Authentication Bypass
Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitiv...
An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726.
dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y
dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y.
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attacke...
An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user logi...
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35.
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege esca...
An XML External Entity (XXE) issue was discovered in Python through 3.9.1.
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt.