Feb 19, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- 7 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2024-37361
The application deserializes untrusted data without sufficiently verifying that the resulting dat...
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
CVE-2023-46271
Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow.
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
High-risk exposure
New high-severity ChurchCRM SQL injection — watch for exploit drops and scanner noise in the first 72 hours after disclosure.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access control settings.
Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow.
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter.
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-bas...
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-bas...
A vulnerability exists in ChurchCRM 5.13.0.
cvelogic
Threat Intelligence