Apr 24, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2025-31324
SAP NetWeaver Unrestricted File Upload
- CVSS 10
- Potential privilege escalation to admin/root
New critical SAP NetWeaver privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2025-46264
Unrestricted Upload of File with Dangerous Type vulnerability in blubrry PowerPress Podcasting po...
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
High-risk exposure
CVE-2025-26382
Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overfl...
New critical-severity CVE in today's window — elevated exposure signal, early in the lifecycle.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overflow issue
SAP NetWeaver Unrestricted File Upload
YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp.
h11 is a Python implementation of HTTP/1.1.
Unrestricted Upload of File with Dangerous Type vulnerability in blubrry PowerPress Podcasting powerpress allows Upload a Web Shell to a...
UNI-NMS-Lite is vulnerable to a command injection attack that could allow an unauthenticated attacker to read or manipulate device data.
WGS-80HPT-V2 and WGS-4215-8T2S are vulnerable to a command injection attack that could allow an unauthenticated attacker to execute OS co...
UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to gain administrative privileges to all UNI-NMS ma...
UNI-NMS-Lite uses hard-coded credentials that could allow an unauthenticated attacker to read, manipulate and create entries in the manag...
WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create an administrator account without knowing...
View critical disclosures
cvelogic
Threat Intelligence