Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
Drupal Core SQL Injection is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical Microsoft Power Pages Command Injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
New critical Microsoft Planetary Computer Deserialization (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
CISA KEV — confirmed in-the-wild exploitation.
Drupal Core SQL Injection
Nothing flagged in this category for this digest.
Nothing flagged in this category for this digest.
Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attac...
Typebot is a chatbot builder tool.
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to eleva...
Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker...
Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a netw...
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.
Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.
An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0.