Apr 10, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Aquila-cms Aquilacms: public exploit or PoC linked (SQL Injection)
  • 7 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2023-44088 Pandorafms Pandora Fms SQL Injection

  • Public exploit or PoC available
  • Exploit activity linked

Pandorafms Pandora Fms SQL Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2024-35540 Typecho XSS

  • Public exploit or PoC available
  • Exploit activity linked

Typecho XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2025-32140 Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumb...

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

CVE-2024-48573 Exploit

A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account...

CVE-2024-35540 Exploit

A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a craft...

CVE-2024-35539 Exploit

Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function.

CVE-2024-7815 Exploit

A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic.

CVE-2024-36424 Exploit

K7RKScan.sys in K7 Ultimate Security before 17.0.2019 allows local users to cause a denial of service (BSOD) because of a NULL pointer de...

CVE-2024-33896 Exploit

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper para...

CVE-2024-20419 Exploit

Cisco Smart Software Manager On-prem — public exploit or PoC linked.

CVE-2024-6039 Exploit

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2.

CVE-2023-44088 Exploit

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injec...

CVE-2019-13024 Exploit

Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system command...

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2025-22375 CVSS 9.3

An authentication bypass vulnerability was found in Videx's CyberAudit-Web.

CVE-2025-32140 CVSS 9.9

Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail wp-remote-thumbnail allows Upload a...

CVE-2025-32202 CVSS 9.1

Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into...

CVE-2025-32206 CVSS 9.1

Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects processing-projects allows Upload a Web Shell...

In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set i...

CVE-2025-32754 CVSS 9.1

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing...

CVE-2025-32755 CVSS 9.1

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all...

cvelogic Threat Intelligence