Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Microsoft Windows Privilege Escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical Mediatek Nr15 RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Google Android memory safety (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Microsoft Windows Kernel Privilege Escalation
Microsoft Windows Power Dependency Coordinator Privilege Escalation
Microsoft Windows Scripting Engine Memory Corruption
Microsoft Project Remote Code Execution
Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation
Microsoft Windows SmartScreen Security Feature Bypass
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
In Modem, there is a possible memory corruption due to a missing bounds check.
In venc, there is a possible out of bounds write due to a missing bounds check.
SolarWinds Web Help Desk Deserialization of Untrusted Data
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
Windows Network Virtualization Remote Code Execution Vulnerability
Windows Network Virtualization Remote Code Execution Vulnerability
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of s...
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated...
Ivanti Virtual Traffic Manager Authentication Bypass