Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical Hongdian H8951-4g-esp Firmware privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption...
NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker...
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by send...
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8.
Root user password is hardcoded into the device and cannot be changed in the user interface.
The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the co...
The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active u...
Atril is a simple multi-page document viewer.
Ivanti Connect Secure and Policy Secure Command Injection
Clerk helps developers build user management.