Apr 11, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Anirbandutta9 Content Management System: public exploit or PoC linked (SQL Injection)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2018-1000638 1234n Minicms cross-site scripting

  • Public exploit or PoC available
  • Exploit activity linked

1234n Minicms cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2019-13961 Flatcore CSRF

  • Public exploit or PoC available
  • Exploit activity linked

Flatcore CSRF now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2025-32579 Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sy...

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2024-53586 Exploit

An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request.

CVE-2024-56898 Exploit

Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less.

CVE-2024-56901 Exploit

A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attacker...

CVE-2024-48849 Exploit

Missing Origin Validation in WebSockets vulnerability in FLXEON.

CVE-2024-48852 Exploit

Insertion of Sensitive Information into Log File vulnerability observed in FLEXON.

CVE-2024-48841 Exploit

Network access can be used to execute arbitrary code with elevated privileges.

CVE-2024-10758 Exploit

A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0.

CVE-2024-51774 Exploit

qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.

CVE-2024-8522 Exploit

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-js...

CVE-2023-30258 Exploit

Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthe...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-0129 CVSS 9.3

An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser fro...

CVE-2025-23391 CVSS 9.1

A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators...

CVE-2025-32565 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vertim Neon Product Designer neon-p...

CVE-2025-32568 CVSS 9.8

Deserialization of Untrusted Data vulnerability in empik EmpikPlace for Woocommerce empik-for-woocommerce allows Object Injection.This is...

CVE-2025-32569 CVSS 9.8

Deserialization of Untrusted Data vulnerability in RealMag777 TableOn posts-table-filterable allows Object Injection.This issue affects T...

CVE-2025-32577 CVSS 9.8

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build...

CVE-2025-32579 CVSS 9.9

Unrestricted Upload of File with Dangerous Type vulnerability in SoftClever Limited Sync Posts sync-posts allows Upload a Web Shell to a...

CVE-2025-32603 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK WP Online Users Stats wp-online-...

CVE-2025-32607 CVSS 9.8

Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly service-booking-manager allows Object Injection.This issue...

CVE-2025-3439 CVSS 9.8

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP...

View critical disclosures

cvelogic Threat Intelligence