Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.
Active exploit activity
Freesshd DoS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Obje...
Pterodactyl is a free, open-source game server management panel.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
A vulnerability was found in PX4-Autopilot 1.12.3.
Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserial...
A vulnerability was found in freeSSHd 1.0.9 on Windows.
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain ac...
WordPress Social Warfare Plugin Cross-Site Scripting (XSS)
Nothing flagged in this category for this digest.
Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uplo...
pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user.
yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.
yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add ne...
An issue was discovered on IROAD Dashcam FX2 devices.
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface.
An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11_X101 Build 1127.190306 and earl...
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 all versions, G-50-W all versions, G-5...
Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Incorrect Access Control.