Apr 9, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Linux Kernel: 2 CVEs added to CISA KEV today.
  • Zohocorp Manageengine Admanager Plus: public exploit or PoC linked (Privilege Escalation)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-53150 Linux Kernel Out-of-Bounds Read

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Linux Kernel Out-of-Bounds Write is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Active exploit activity

CVE-2024-2054 Articatech Artica Proxy Code Execution

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Articatech Artica Proxy Code Execution now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2025-32642 Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon vite-coupon allows Remote C...

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

CVE-2025-0868 Exploit

A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT.

CVE-2024-24409 Exploit

Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.

CVE-2024-39304 Exploit

ChurchCRM is an open-source church management system.

CVE-2024-38944 Exploit

An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generat...

CVE-2024-6244 Exploit

The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logge...

CVE-2024-39143 Exploit

A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious prop...

CVE-2024-27348 Exploit

Apache HugeGraph-Server Improper Access Control

CVE-2024-2054 Exploit

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-55210 CVSS 9.8

An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor authentication (MFA) via a crafted websock...

Yiiframework Yii Improper Protection of Alternate Path

CVE-2025-27690 CVSS 9.8

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability.

CVE-2025-3114 CVSS 9.4

Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate sec...

CVE-2025-3115 CVSS 9.4

Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions.

CVE-2025-32496 CVSS 9.6

Cross-Site Request Forgery (CSRF) vulnerability in Uncodethemes Ultra Demo Importer ut-demo-importer allows Upload a Web Shell to a Web S...

CVE-2025-32576 CVSS 9.6

Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows Upload a Web Shell to a Web Serve...

CVE-2025-32641 CVSS 9.6

Cross-Site Request Forgery (CSRF) vulnerability in anantaddons Anant Addons for Elementor anant-addons-for-elementor allows Cross Site Re...

CVE-2025-32642 CVSS 10

Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon vite-coupon allows Remote Code Inclusion.This issue affects Vite Co...

CVE-2025-32695 CVSS 9.8

Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Privilege Escalation.This is...

View critical disclosures

cvelogic Threat Intelligence