Critical CVE newsletter
Every day we curate the most relevant CVEs and break them down in plain English: CVSS, affected vendors, exploitation requirements, evidence of active exploit, and concrete mitigations — all in a 3-minute read before 20:00 CET. If you live and breathe security, this CVE newsletter skips the NVD-feed noise: filtered by AI, prioritised by Gorka, and only what's worth your time. We lead with actively abused exploits, CVEs with public PoCs, top-vendor advisories (Cisco, Fortinet, Microsoft, Apple, Linux kernel), and the reminders you need when a patch arrives late. Subscribe free and stop missing critical vulnerabilities.
Latest CVE articles
Microsoft removes GitHub account over public zero-day drops
Microsoft removes GitHub account of researcher who publicly dropped zero-days without coordinated disclosure, then publicly endorses CVD.
Emergency SharePoint patch: update now
Microsoft issued an out-of-band SharePoint patch, signaling active exploitation or critical severity outside the normal Patch Tuesday cycle.
CVE-2026-31635 DirtyDecrypt: public PoC for Linux kernel LPE
Public PoC released for CVE-2026-31635 (DirtyDecrypt), a Linux kernel local privilege escalation flaw discovered by Zellic and V12.
SharePoint RCE CVE-2026-45659 patched — CVSS 8.8
Microsoft patches CVE-2026-45659 in SharePoint Server — RCE via untrusted data deserialization, CVSS 8.8, no special attack conditions required.
CVE-2026-34926: Apex One zero-day actively exploited
CVE-2026-34926, a directory traversal zero-day in TrendAI Apex One on-premise, is being actively exploited in the wild; patch is available.
CVE — frequently asked questions
What is a CVE and why does it matter?
A CVE (Common Vulnerabilities and Exposures) is the unique identifier MITRE assigns to a public vulnerability. Each CVE includes its CVSS (0–10 severity), affected vendors, and evidence of active exploitation when available. It matters because it tells you what to patch first.
How do you decide which CVEs make the newsletter?
We filter by CVSS ≥ 8, evidence of in-the-wild exploitation, availability of a public proof-of-concept (PoC), or critical vendor advisories (Cisco, Fortinet, Microsoft, Apple, Linux kernel). Otherwise it doesn't make the cut. No noise, no low-impact CVEs.
When does the daily CVE digest arrive?
Every day before 20:00 CET you'll get the day's critical CVEs in your inbox, alongside the rest of the curated news. ~3 minute read.





