Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
VMware VCenter Server RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical Clojure Deserialization (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Contiki-ng Tinydtls DoS (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
VMware vCenter Server Out-of-Bounds Write
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization.
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30.
SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted requ...
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administratio...