Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malic...
Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, re...
HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints.
FireFighter is an incident management application.
SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs.
oxyno-zeta/s3-proxy is an aws s3 proxy written in go.
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents.
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents.
TanStack Unspecified
Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger...