Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Wing FTP Server Info Disclosure is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical P2r3 Bareiron RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Wing FTP Server Information Disclosure
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (T...
An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive information and...
A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enablin...
A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary...
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms.
Authlib is a Python library which builds OAuth and OpenID Connect servers.
Chamilo LMS is a learning management system.
Apollo Federation is an architecture for declaratively composing APIs into a unified graph.
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting.
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow i...