Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Qualcomm Multiple Chipsets Memory Corruption is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical Microsoft Configuration Manager RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Latepoint SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Microsoft Windows Management Console Remote Code Execution
Microsoft Windows MSHTML Platform Spoofing
Qualcomm Multiple Chipsets Use-After-Free
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.
Windows Netlogon Elevation of Privilege Vulnerability
Microsoft Configuration Manager SQL Injection
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL comma...
Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.4391 is vulnerable to SQL Injection via /client/get_gis_fence.php.
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0).
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0).
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause exposure of credentials when at...
The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5....
The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12.