Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Apple Multiple Products Use-After-Free is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical Microsoft Azure Ai Face Service Auth Bypass (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Heyewei Jfinalcms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Apple Multiple Products Use-After-Free
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injec...
Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbit...
JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java.
A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files...
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information.
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information.
Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network.