Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Ivanti Cloud Services Appliance RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical Adobe Coldfusion RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Mayurik Best Free Law Office Management SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Ivanti Cloud Services Appliance OS Command Injection
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in ar...
SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sens...
CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function.
Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function.
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function.
Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i
Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function.