Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Microsoft Windows Use-After-Free is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Active exploit activity
Nagios XI RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free
Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key
Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account...
InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users wit...
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability.
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method.
Nagios XI Remote Code Execution
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.proto...
Nothing flagged in this category for this digest.
A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwo...
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines.
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in...
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could res...
Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package.
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in ar...
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in ar...
The crud-query-parser library parses query parameters from HTTP requests and converts them to database queries.
HAX CMS PHP allows you to manage your microsite universe with PHP backend.
wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval.