Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical Fogproject Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Nikhil-bhalerao Poultry Farm Management System RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Codermy My-springsecurity-plus SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Incorrect Privilege Assignment vulnerability in NooTheme Jobmonster noo-jobmonster allows Privilege Escalation.This issue affects Jobmons...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anhvnit Woocommerce OpenPos.This is...
Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Cod...
Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection.This issue af...
FOG is a cloning/imaging/rescue suite/inventory management system.
Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the producti...
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user.
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept.
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dep...
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/rol...