Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Android Pixel Info Disclosure is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical Esri Portal For Arcgis Path Traversal (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Apache Cloudstack Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Android Pixel Information Disclosure
Android Pixel Privilege Escalation
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer fu...
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated...
There is a path traversal in Esri Portal for ArcGIS versions <= 11.2.
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and...
By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request.
CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file t...