Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
D-Link DIR-859 Router Path Traversal is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical Cisco Identity Services Engine privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
AMI MegaRAC SPx Authentication Bypass by Spoofing
D-Link DIR-859 Router Path Traversal
Fortinet FortiOS Use of Hard-Coded Credentials
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.
An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device.
Cisco Identity Services Engine Injection
New critical Cisco Identity Services Engine privilege escalation disclosed.
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially craft...
The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.
The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.
The affected products could allow an unauthenticated attacker to overwrite files and execute arbitrary code.
Citrix NetScaler ADC and Gateway Buffer Overflow