Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Google Chromium V8 Out-of-Bounds Write is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Active exploit activity
Apple Multiple Products Use-After-Free now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical Llamaindex SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Google Chromium V8 Out-of-Bounds Read and Write
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0.
Microsoft Windows Scripting Engine Type Confusion
Improper Input Validation vulnerability in Apache Tomcat.
Apple Multiple Products Use-After-Free
an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check...
Nothing flagged in this category for this digest.
Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities.
Improper neutralization of input provided by an unauthorized user into changes__reference_id parameter in URL allows for boolean-based Bl...
Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a...
Atheos is a self-hosted browser-based cloud integrated development environment.
A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical.
A vulnerability was found in D-Link DIR-816 1.10CNB05.
A vulnerability was found in D-Link DIR-816 1.10CNB05.
A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical.