Critical active threat
CVE-2025-10585 Google Chromium V8 Type Confusion
- Actively exploited (CISA KEV)
- Listed on CISA KEV
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Critical exposure
New critical Ironmountain Envision Command Injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
Google Chromium V8 Type Confusion
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'mo...
The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to arbitrary fi...
SolarWinds Web Help Desk Deserialization of Untrusted Data
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem.
The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Servi...
Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc.
A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication.This issue affe...
A path traversal vulnerability in Novakon P series allows to expose the root file system "/" and modify all files with root permissions.
Improper authentication vulnerability in Novakon P series allows unauthenticated attackers to upload and download any application from/to...