Critical active threat
CVE-2026-35616 Fortinet FortiClient EMS Improper Access Control
- Actively exploited (CISA KEV)
- Listed on CISA KEV
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Active exploit activity
Grafana Path Traversal now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical Samsung Exynos 1080 Firmware Buffer Overflow (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Fortinet FortiClient EMS Improper Access Control
Fortinet FortiWeb Path Traversal
Microsoft Windows Race Condition
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass...
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface.
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect.
The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versi...
Nothing flagged in this category for this digest.
An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1...
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 13...
text-generation-webui is an open-source web interface for running Large Language Models.
Kedro is a toolbox for production-ready data science.
Chyrp Lite is an ultra-lightweight blogging engine.
Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs.
goshs is a SimpleHTTPServer written in Go.
goshs is a SimpleHTTPServer written in Go.
pyLoad is a free and open-source download manager written in Python.
goshs is a SimpleHTTPServer written in Go.