Critical active threat
CVE-2023-28434 MinIO Security Feature Bypass
- Actively exploited (CISA KEV)
- Listed on CISA KEV
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Critical exposure
New critical JetBrains TeamCity Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Dolibarr Erp\/crm cross-site scripting (CVSS 9.6) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
MinIO Security Feature Bypass
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new us...
Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials.
The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface.
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset I...
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and e...
Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicio...
A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite...
JetBrains TeamCity Authentication Bypass