Critical active threat
CVE-2025-6554 Google Chromium V8 Type Confusion
- Actively exploited (CISA KEV)
- Listed on CISA KEV
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Active exploit activity
Gogs RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical Gfi Kerio Control privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Google Chromium V8 Type Confusion
Wing FTP Server Improper Neutralization of Null Byte or NUL Character
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
A flaw was found in Moodle.
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution.
Nothing flagged in this category for this digest.
New critical Cisco Unified Communications Manager exposure disclosed.
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management...
An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access cont...
A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to pe...
A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitr...
A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling.
An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail) versions <=0.54.
An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled t...
ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials.
Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110 , v7.2.8.124852 , and v7.x and NS2000 v7.02.08 allows at...