Critical exposure
CVE-2023-48842 Dlink Go-rt-ac750 Firmware Command Injection
- CVSS 9.8
New critical Dlink Go-rt-ac750 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical Dlink Go-rt-ac750 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Luxiaoxun Nettyrpc Deserialization (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Fengjiachun Jupiter Deserialization (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
October is a Content Management System (CMS) and web platform to assist with development workflow.
In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them...
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi.
A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request.
A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request.
RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows...
Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection.