Home
» Risk & Exploitation
» Daily threat intelligence
» May 22, 2025
May 22, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Samsung MagicINFO 9 Server added to CISA KEV — confirmed in-the-wild exploitation.
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2025-4632
Samsung MagicINFO 9 Server Path Traversal
Actively exploited (CISA KEV)
Listed on CISA KEV
Samsung MagicINFO 9 Server Path Traversal is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2024-41195
Ocuco Innovation privilege escalation
CVSS 9.8
Potential privilege escalation to admin/root
New critical Ocuco Innovation privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-41196
Ocuco Innovation privilege escalation
CVSS 9.8
Potential privilege escalation to admin/root
New critical Ocuco Innovation privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Samsung MagicINFO 9 Server Path Traversal
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator cred...
An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Adm...
An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administ...
An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrato...
An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator...
An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPEC...
An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SO...
An issue was discovered in Infoblox NETMRI before 7.6.1.
PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account wi...
An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and pot...
View critical disclosures
cvelogic
Threat Intelligence