Nov 13, 2023 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Juniper Junos OS: 5 CVEs added to CISA KEV today.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2023-47246
SysAid Server Path Traversal
- Actively exploited (CISA KEV)
- Listed on CISA KEV
- Remote code execution exposure
SysAid Server Code Execution is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2023-31403
SAP Business One privilege escalation
- CVSS 9.6
- Potential privilege escalation to admin/root
New critical SAP Business One privilege escalation (CVSS 9.6) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
High-risk exposure
CVE-2023-6097
Icssolution ICS Business Manager SQL Injection
New high-severity Icssolution ICS Business Manager SQL Injection — watch for exploit drops and scanner noise in the first 72 hours after disclosure.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
SysAid Server Path Traversal
Juniper Junos OS SRX Series Missing Authentication for Critical Function
Juniper Junos OS EX Series PHP External Variable Modification
Juniper Junos OS EX Series and SRX Series PHP External Variable Modification
Juniper Junos OS SRX Series Missing Authentication for Critical Function
Juniper Junos OS EX Series Missing Authentication for Critical Function
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
SAP Business One installation, version 10.0, does not perform proper authentication and authorization checks for the SMB shared folder.
A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089.
cvelogic
Threat Intelligence