Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Cisco Catalyst SD-WAN Auth Bypass is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Active exploit activity
Pjsip Buffer Overflow now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
CISA KEV — confirmed in-the-wild exploitation.
Cisco Catalyst SD-WAN Controller Authentication Bypass
The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Executio...
Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc.
PJSIP is a free and open source multimedia communication library written in C.
Nothing flagged in this category for this digest.
PrestaShop is an open source e-commerce web application.
Note Mark is an open-source note-taking application.
SiYuan is an open-source personal knowledge management system.
Gradient is a nix-based continuous integration system.
HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool.
SiYuan is an open-source personal knowledge management system.
SiYuan is an open-source personal knowledge management system.
Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a cra...
Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a c...
Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or comp...