Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Microsoft Windows privilege escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical Xtendify Woffice Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Getsimple-ce Getsimple Cms RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference
Adobe ColdFusion Improper Access Control
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component),...
The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network.
Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST reques...
Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass.This iss...
Incorrect Privilege Assignment vulnerability in straightvisions GmbH SV100 Companion sv100-companion allows Privilege Escalation.This iss...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit wpbookit all...
Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server.This...
GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which...
ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials.
MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license.