Feb 19, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 7 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-37361 The application deserializes untrusted data without sufficiently verifying that the resulting dat...

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2023-46271 Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow.

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

High-risk exposure

CVE-2025-1132 ChurchCRM SQL Injection

  • CVSS 9.3

New high-severity ChurchCRM SQL injection — watch for exploit drops and scanner noise in the first 72 hours after disclosure.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2020-35546 CVSS 9.1

Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access control settings.

CVE-2023-46271 CVSS 9.8

Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow.

CVE-2024-37361 CVSS 9.9

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2025-1132 CVSS 9.3

A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter.

CVE-2025-1133 CVSS 9.3

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-bas...

CVE-2025-1134 CVSS 9.3

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-bas...

CVE-2025-1135 CVSS 9.3

A vulnerability exists in ChurchCRM 5.13.0.


cvelogic Threat Intelligence