Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Ivanti Endpoint Manager Mobile (EPMM) RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Active exploit activity
Thingsboard SSRF now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Emerging exploitation risk
Maxum Development Corporation Rumpus Ftp Server: EPSS 6.9% → 24% · rising (+17%) — EPSS is climbing faster than peer CVEs in this window, a leading indicator even before KEV or public exploit linkage.
CISA KEV — confirmed in-the-wild exploitation.
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions.
Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension without restriction...
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because a...
Ghost is a Node.js content management system.
ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature.
Maxum Development Corporation Rumpus Ftp Server Buffer Overflow
Paloaltonetworks Pan-os XSS
Apache Http Server
Isode M-vault Server
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker...
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote...
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework.
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a...
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs.
The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration.