Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Emerging exploitation risk
Open-emr Openemr: EPSS 2.4% → 18% · rising (+15%) — EPSS is climbing faster than peer CVEs in this window, a leading indicator even before KEV or public exploit linkage.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
High-risk exposure
New critical-severity CVE in today's window — elevated exposure signal, early in the lifecycle.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Open-emr Openemr XSS
An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension develope...
A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data...
The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers.
A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and...
Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, w...
An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface.
An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected...
A SQLi vulnerability in Komento component 4.0.0-4.0.7for Joomla was discovered.
Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects Mag...
The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability.