Critical active threat
CVE-2023-33246 Apache RocketMQ Command Execution
- Actively exploited (CISA KEV)
- Listed on CISA KEV
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
Apache RocketMQ Command Execution
Nothing flagged in this category for this digest.
SearchBlox before version 9.2.1 is vulnerable to CSV macro injection in the "Featured Results" parameter.
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerabil...
Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP...
New critical Cisco Broadworks Application Delivery Platform exposure disclosed.
WireMock is a tool for mocking HTTP services.
The issue was addressed with improved checks.
F-RevoCRM versions 7.3.7 and 7.3.8 contain an OS command injection vulnerability.
knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page.
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, version v10.9.000002.
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and i...