Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an ar...
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module b...
Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthoriz...
@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport.
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib/utils.js).
pREST (PostgreSQL REST), is an API that delivers an application on top of a Postgres database.
WeGIA is a Web manager for charitable institutions.
The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time picker...
The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_up...
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0.