Critical exposure
CVE-2026-6722 Php
- CVSS 9.5
New critical disclosure (CVSS 9.5) — high severity with a short public awareness window before exploit material typically surfaces.
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical disclosure (CVSS 9.5) — high severity with a short public awareness window before exploit material typically surfaces.
High-risk exposure
New high-severity Inspireui Mstore Api RCE — watch for exploit drops and scanner noise in the first 72 hours after disclosure.
High-risk exposure
New high-severity Opencats RCE — watch for exploit drops and scanner noise in the first 72 hours after disclosure.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values in...
WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrat...
WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious file...
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uplo...
WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated...
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object dedupl...