Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical Mozilla Firefox Memory Corruption (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or...
Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC se...
Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered.
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode.
Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow.
For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses r...
Certain canvas operations could have lead to memory corruption.
An integer overflow was present in `OrderedHashTable` used by the JavaScript engine.