May 22, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Samsung MagicINFO 9 Server added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-4632 Samsung MagicINFO 9 Server Path Traversal

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Samsung MagicINFO 9 Server Path Traversal is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2024-41195 Ocuco Innovation privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Ocuco Innovation privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-41196 Ocuco Innovation privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Ocuco Innovation privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2024-13955 CVSS 9.4

2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator cred...

CVE-2024-41195 CVSS 9.8

An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Adm...

CVE-2024-41196 CVSS 9.8

An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administ...

CVE-2024-41197 CVSS 9.8

An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrato...

CVE-2024-41198 CVSS 9.8

An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator...

CVE-2024-48853 CVSS 9.5

An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPEC...

CVE-2024-6914 CVSS 9.8

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SO...

CVE-2025-32814 CVSS 9.8

An issue was discovered in Infoblox NETMRI before 7.6.1.

CVE-2025-5098 CVSS 9.1

PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account wi...

CVE-2025-5099 CVSS 9.8

An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and pot...

cvelogic Threat Intelligence