Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical Dcnetworks Dcme-320 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the W...
Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system.
A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.
Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially cr...
Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially cr...
Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control.
An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language p...
DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability.
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitra...
An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new applicat...