Critical active threat
CVE-2024-51378 CyberPanel Incorrect Default Permissions
- Actively exploited (CISA KEV)
- Listed on CISA KEV
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Critical exposure
New critical Google Android Memory Corruption (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
CyberPanel Incorrect Default Permissions
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cause.
Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver.
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.
An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp FAT Services Booking fat-se...
readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file.