Jan 22, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2025-23953 Unrestricted Upload of File with Dangerous Type vulnerability in Scriptonite user files user-file...

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2025-20156 New critical Cisco Meeting Management privilege escalation disclosed.

  • CVSS 9.9
  • Network edge / SD-WAN deployments affected

New critical Cisco Meeting Management privilege escalation (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-23918 Unrestricted Upload of File with Dangerous Type vulnerability in Enrico Sandoli Smallerik File Br...

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2023-37777 CVSS 9.8

A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and earlier.

CVE-2024-12857 CVSS 9.8

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8.

CVE-2025-20156 CVSS 9.9

New critical Cisco Meeting Management privilege escalation disclosed.

CVE-2025-23914 CVSS 9.8

Deserialization of Untrusted Data vulnerability in muzaara Muzaara Google Ads Report muzaara-adwords-optimize-dashboard allows Object Inj...

CVE-2025-23918 CVSS 9.9

Unrestricted Upload of File with Dangerous Type vulnerability in Enrico Sandoli Smallerik File Browser smallerik-file-browser allows Uplo...

Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload...

CVE-2025-23931 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliver Fuhrmann WordPress Local SEO...

CVE-2025-23932 CVSS 9.8

Deserialization of Untrusted Data vulnerability in Marko-M Quick Count quick-count allows Object Injection. This issue affects Quick Count...

CVE-2025-23942 CVSS 9.1

Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to...

CVE-2025-23953 CVSS 10

Unrestricted Upload of File with Dangerous Type vulnerability in Scriptonite user files user-files allows Upload a Web Shell to a Web Ser...

cvelogic Threat Intelligence