Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical Wso2 Api Control Plane privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Wso2 Api Control Plane privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Wso2 Api Control Plane privilege escalation (CVSS 9.6) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST...
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS.
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allo...
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.sh...
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated...
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal.
There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a lon...
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers.
An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the k...
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal...