Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Tesigandia Gandia Integra Total SQL Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
9001 Copyparty XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Emerging exploitation risk
Lacaveprods Intellitamper: EPSS 12% → 24% · rising (+12%) — EPSS is climbing faster than peer CVEs in this window, a leading indicator even before KEV or public exploit linkage.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1.
Copyparty is a portable file server.
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of th...
A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3.
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effe...
Lacaveprods Intellitamper Buffer Overflow
Nothing flagged in this category for this digest.