Jul 1, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2024-38366
trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager.
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
CVE-2024-39251
An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2....
- CVSS 10
- Potential privilege escalation to admin/root
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
The N-central server is vulnerable to an authentication bypass of the user interface.
MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to remote code execution.
trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager.
trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager.
The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution v...
Fiber is an Express-inspired web framework written in Go. A vulnerability present in versions prior to 2.52.5 is a session middleware issu...
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py.
An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensit...
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.
The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentica...