Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
React Native Community CLI Command Injection is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical Microsoft Azure Front Door privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
SmarterTools SmarterMail Missing Authentication for Critical Function
React Native Community CLI OS Command Injection
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket para...
Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary...
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handsha...
Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface.
In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check.
Azure Front Door Elevation of Privilege Vulnerability