May 16, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 4 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2025-47916 Invisioncommunity RCE

  • CVSS 10
  • Remote code execution exposure

New critical Invisioncommunity RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-40906 BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several...

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

High-risk exposure

CVE-2025-39481 Imithemes Eventer SQL Injection

  • CVSS 9.3

New high-severity Imithemes Eventer SQL Injection — watch for exploit drops and scanner noise in the first 72 hours after disclosure.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-32643 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPGYM allows Blind SQL Inj...

CVE-2025-39481 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer eventer allows Bl...

CVE-2025-40906 CVSS 9.8

BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities.

CVE-2025-47916 CVSS 10

Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php.

View critical disclosures

cvelogic Threat Intelligence