Mar 10, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Akaunting: public exploit or PoC linked (Command Injection)
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2022-4681
Wpwave Hide My Wp SQL Injection
- Public exploit or PoC available
- Exploit activity linked
- Internet-facing CMS deployments affected
WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.
Active exploit activity
CVE-2024-22836
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier.
- Public exploit or PoC available
- Exploit activity linked
Akaunting Command Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2024-2184
Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Pr...
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Exploit & PoC activity
An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API.
Numbas editor before 7.3 mishandles editing of themes and extensions.
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction.
F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of...
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier.
The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an...
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers(*) which may a...
cvelogic