Dec 8, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Array Networks ArrayOS AG added to CISA KEV — confirmed in-the-wild exploitation.
Pluck-cms Pluck: public exploit or PoC linked.
Apache Dolphinscheduler — exploitation likelihood rose sharply (EPSS 7.3% → 21% · rising (+14%)).
7 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2022-37055
D-Link Routers Buffer Overflow
Actively exploited (CISA KEV)
Listed on CISA KEV
D-Link Routers Buffer Overflow is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Active exploit activity
CVE-2018-11736
An issue was discovered in Pluck before 4.7.7-dev2.
Public exploit or PoC available
Exploit activity linked
Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.
Critical exposure
CVE-2022-45462
Apache Dolphinscheduler Command Injection
Exploitation likelihood sharply increased
CVSS 9.8
EPSS 7.3% → 21% · rising (+14%)
Apache Dolphinscheduler: EPSS 7.3% → 21% · rising (+14%) — EPSS is climbing faster than peer CVEs in this window, a leading indicator even before KEV or public exploit linkage.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Array Networks ArrayOS AG OS Command Injection
D-Link Routers Buffer Overflow
Exploitation dynamics
Apache Dolphinscheduler Command Injection
Novell Edirectory Buffer Overflow
New critical disclosures
Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain sy...
Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access d...
In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure.
Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability.
SQL injection vulnerability in /php/api_patient_schedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows at...
NUT-14 allows cashu tokens to be created with a preimage hash.
A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows for remote visitors to recover the Proof-of...
cvelogic
Threat Intelligence