Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
VMware VCenter Server Info Disclosure is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE)
SolarWinds Serv-U Path Traversal
VMware vCenter Server Incorrect Default File Permissions
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method t...
New critical Cisco Secure Email Gateway exposure disclosed.
New critical Cisco Smart Software Manager On-prem exposure disclosed.
The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability.
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability.
SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability.
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability.
It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager.
In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1, an integer overflow can occur.
privilege escalation