Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical Scshr Hr Portal Deserialization (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Deserialization of Untrusted Data vulnerability in Apache InLong.
An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server.
A missing protection against path traversal allows to access any file on the server.
An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes M...
A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System throug...
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management...
Deserialization of Untrusted Data vulnerability in AncoraThemes Mr.
Deserialization of Untrusted Data vulnerability in axiomthemes Sweet Dessert sweet-dessert allows Object Injection.This issue affects Swe...
A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System...