Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical Nginxui Nginx Ui RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Remyandrade School Task Manager SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm.
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.
Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher.
Nginx-UI is a web interface to manage Nginx configurations.
Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.