Critical exposure
CVE-2023-49442 Jeecg Deserialization
- CVSS 9.8
New critical Jeecg Deserialization (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical Jeecg Deserialization (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Gl-inet Gl-a1300 Firmware privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Apache Inlong RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0.
In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.
Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted...
Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files an...
Laf is a cloud development platform.
An issue was discovered on GL.iNet devices through 4.5.0.
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 thr...
PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval.
PaddlePaddle before 2.6.0 has a command injection in _wget_download.
PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare.