Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Ivanti Endpoint Manager (EPM) Path Traversal is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical Apache Tomcat RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Advantive VeraCore Unrestricted File Upload
Advantive VeraCore SQL Injection
Ivanti Endpoint Manager (EPM) Absolute Path Traversal
Ivanti Endpoint Manager (EPM) Absolute Path Traversal
Ivanti Endpoint Manager (EPM) Absolute Path Traversal
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI.
Apache Tomcat Path Equivalence
Misskey is an open source, federated social media platform.
VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of VisicutModel.java.
An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pixflow Massive...
Improper Control of Generation of Code ('Code Injection') vulnerability in FRESHFACE Fresh Framework fresh-framework allows Code Injectio...