Critical active threat
CVE-2024-5274 Google Chromium V8 Type Confusion
- Actively exploited (CISA KEV)
- Listed on CISA KEV
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Critical exposure
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical Aten Pe6208 Firmware privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Google Chromium V8 Type Confusion
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account.
A SQL injection vulnerability in /model/get_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to...
A SQL injection vulnerability in /model/get_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker...
F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.`
Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php.
Certain Anpviz products allow unauthenticated users to download arbitrary files from the device's filesystem via a HTTP GET request to th...
Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device.
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code vi...
CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPe...
The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26.