May 19, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Ivanti Endpoint Manager Mobile (EPMM): 2 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-38950 ZKTeco BioTime Path Traversal

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

ZKTeco BioTime Path Traversal is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2025-39380 Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management Sys...

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2025-39401 Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-managem...

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass

Ivanti Endpoint Manager Mobile (EPMM) Code Injection

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS)

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2025-39354 CVSS 9.8

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference grandconference allows Object Injection. This issue affects...

CVE-2025-39356 CVSS 9.8

Deserialization of Untrusted Data vulnerability in Chimpstudio Foodbakery Sticky Cart foodbakery-sticky-cart allows Object Injection. This...

CVE-2025-39380 CVSS 10

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management allows Upload a...

CVE-2025-39386 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla Hospital Management System...

CVE-2025-39389 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solid Plugins AnalyticsWP allows SQ...

CVE-2025-39395 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS apartment-management...

CVE-2025-39401 CVSS 10

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web S...

CVE-2025-39402 CVSS 9.9

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web S...

CVE-2025-47949 CVSS 9.9

samlify is a Node.js library for SAML single sign-on.

CVE-2025-48340 CVSS 9.8

Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager user-profile-meta allows Privilege Escalation. Thi...

cvelogic Threat Intelligence