Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Sbond Watcharr privilege escalation now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.
High-risk exposure
New high-severity Lnbits SSRF — watch for exploit drops and scanner noise in the first 72 hours after disclosure.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users...
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validatio...
An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password...
Palo Alto Networks Expedition Missing Authentication
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to v...
Nothing flagged in this category for this digest.
LNbits is a Lightning wallet and accounts system.