Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Ivanti Connect Secure, Policy Secure, And ZTA Gateways RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical Aviatrix Controllers Command Injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Apple Smart Card Services Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
This issue is fixed in SCSSU-201801.
The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6.
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion i...
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via t...
Aviatrix Controllers OS Command Injection
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering ins...
Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer.
WeGIA is a web manager for charitable institutions.
WeGIA is a web manager for charitable institutions.