Here are today's top three highest-risk public-exploit vulnerabilities selected and summarized for you.
Selection note: New CISA KEV first; then published today; then NVD-updated today with publication within roughly the last 30 days. All rows carry public exploit / PoC signals (e.g. exploit-tagged refs, KEV).
CVE: CVE-2023-54344
CVSS: 9.3
EPSS: 0.2% probability · 41.7th percentile (via first.org)
Risk level: CRITICAL
Affected versions: Eclipse Equinox OSGi 3.7.2 and earlier
Summary: This is an unauthenticated remote code execution vulnerability in the console interface of Eclipse Equinox OSGi 3.7.2 and earlier. Attackers can connect to the exposed OSGi console port and send base64-encoded malicious command payloads to achieve arbitrary code execution. Successful exploitation allows attackers to establish reverse shells and gain full control of affected systems.
Remediation: Update Eclipse Equinox OSGi to the latest patched version that addresses this console vulnerability. Disable the OSGi console interface if it is not required for business operations, and restrict access to the console port to only trusted IP addresses if it must remain enabled. Monitor network traffic for unexpected outbound connections from affected hosts.
Exploit info: This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.
CVE: CVE-2023-54342
CVSS: 9.3
EPSS: 0.2% probability · 48.5th percentile (via first.org)
Risk level: CRITICAL
Affected versions: Eclipse Equinox OSGi 3.8 through 3.18
Summary: This flaw is an unauthenticated remote code execution vulnerability in the console interface of Eclipse Equinox OSGi versions 3.8 to 3.18. It stems from insecure handling of the console's fork command, which allows attackers to send malicious payloads over a telnet connection to the exposed console. Successful exploitation grants attackers full remote code execution and system access.
Remediation: Upgrade Eclipse Equinox OSGi to a patched version beyond 3.18 or apply the latest vendor security advisory fixes. Disable public access to the OSGi console and restrict any required console access to internal trusted networks only. Scan your environment for exposed OSGi console instances to remediate at-risk systems quickly.
Exploit info: This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.
CVE: CVE-2026-7823
CVSS: 9.3
EPSS: 1.2% probability · 79.5th percentile (via first.org)
Risk level: CRITICAL
Affected versions: Totolink A8000RU firmware 7.1cu.643_b20200521
Summary: This is an unauthenticated OS command injection vulnerability in the Totolink A8000RU wireless router firmware. The flaw exists in the setAppFilterCfg function of the cstecgi.cgi endpoint, where improper input validation allows attackers to inject arbitrary operating system commands. A public exploit has already been released for this vulnerability, enabling remote attackers to compromise affected devices.
Remediation: Install the latest available firmware update from Totolink for the A8000RU model to address this vulnerability. If no official patch is available, restrict router management interface access to trusted internal networks only and do not expose the interface to the public internet. Replace end-of-life affected devices if no further security updates will be released.
Exploit info: This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.