May 14, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Fortinet Multiple Products added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-32756 Fortinet Multiple Products Stack-Based Buffer Overflow

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Fortinet Multiple Products Buffer Overflow is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2025-47781 Rallly is an open-source scheduling and collaboration tool.

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2025-47889 Jenkins Wso2 Oauth

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Fortinet Multiple Products Stack-Based Buffer Overflow

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-10865 CVSS 9.4

Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advanced Authentication.

CVE-2025-27891 CVSS 9.1

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 13...

CVE-2025-32363 CVSS 9.8

mediDOK before 2.5.18.43 allows remote attackers to achieve remote code execution on a target system via deserialization of untrusted data.

CVE-2025-4638 CVSS 9.2

A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL).

CVE-2025-4641 CVSS 9.3

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Li...

CVE-2025-47292 CVSS 9.5

Cap Collectif is an online decision making platform that integrates several tools.

CVE-2025-47777 CVSS 9.6

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client.

CVE-2025-47781 CVSS 9.8

Rallly is an open-source scheduling and collaboration tool.

CVE-2025-47884 CVSS 9.1

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden valu...

CVE-2025-47889 CVSS 9.8

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, a...

View critical disclosures

cvelogic Threat Intelligence