Aug 18, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Trend Micro Apex One added to CISA KEV — confirmed in-the-wild exploitation.
Tenda AC20 firmware: public exploit or PoC linked (command injection).
9 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2025-54948
Trend Micro Apex One OS Command Injection
Actively exploited (CISA KEV)
Listed on CISA KEV
Trend Micro Apex One Command Injection is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Active exploit activity
Public exploit or PoC available
Exploit activity linked
RiteCMS XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2025-55591
TOTOLINK A3002R Firmware Command Injection
New critical TOTOLINK A3002R firmware command injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Trend Micro Apex One OS Command Injection
Exploit & PoC activity
A vulnerability was identified in Tenda AC20 16.03.08.12.
Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms.
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing o...
Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading t...
BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter.
RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_section.
libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attacke...
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
NamelessMC is a free, easy to use & powerful website software for Minecraft servers.
The Sante PACS Server Web Portal sends credential information without encryption.
Capsule is a multi-tenancy and policy-based framework for Kubernetes.
aiven-db-migrate is an Aiven database migration tool.
aiven-db-migrate is an Aiven database migration tool.
Meshtastic is an open source mesh networking solution.
VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates.
TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formM...
A security issue exists due to improper handling of malformed CIP Forward Close packets during fuzzing.
cvelogic
Threat Intelligence