Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
OSGeo GeoServer RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical Tenda Ax1806 Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
OSGeo GeoServer GeoTools Eval Injection
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending...
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a speci...
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a speci...
Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API.
New critical Tenda Ax1806 Firmware Buffer Overflow disclosed.
New critical Tenda Ax1806 Firmware Buffer Overflow disclosed.
New critical Tenda Ax1806 Firmware Buffer Overflow disclosed.
Directory Traversal vulnerability in xmind2testcase v.1.5 allows a remote attacker to execute arbitrary code via the webtool\application....
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php.
A potential security vulnerability has been identified in certain HP PC products using AMI BIOS, which might allow arbitrary code execution.