Critical exposure
CVE-2023-49617 Machinesense Feverwarn Firmware
- CVSS 10
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical Zohocorp Manageengine Adaudit Plus SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Zohocorp Manageengine Adaudit Plus SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Multiple MachineSense devices have credentials unable to be changed by the user or administrator.
Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.
The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication.
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker...
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an...
Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability.
Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.
Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments...