Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Qlik Sense privilege escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical Imsurajghosh Student Information System RCE (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Zultys Mx-e Firmware Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Qlik Sense HTTP Tunneling
Qlik Sense Path Traversal
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allow...
An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161...
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet.
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg.
Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name.
Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode.
Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php pag...