Critical exposure
CVE-2026-21994 Oracle Okit
- CVSS 9.8
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
High-risk exposure
New critical-severity CVE in today's window — elevated exposure signal, early in the lifecycle.
High-risk exposure
New critical-severity CVE in today's window — elevated exposure signal, early in the lifecycle.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (componen...
### Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver.
Wazuh is a free and open source platform used for threat prevention, detection, and response.
Wazuh is a free and open source platform used for threat prevention, detection, and response.
The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials.
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries.
Edimax GS-5008PL firmware versions 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers...
A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unau...
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to di...