Jun 9, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Erlang/OTP added to CISA KEV — confirmed in-the-wild exploitation.
- Microsoft Windows 11 22H2: public exploit or PoC linked (privilege escalation).
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2024-42009
RoundCube Webmail Cross-Site Scripting
- Actively exploited (CISA KEV)
- Listed on CISA KEV
Roundcube Webmail XSS is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Active exploit activity
CVE-2024-0725
A vulnerability was found in ProSSHD 1.2 on Windows.
- Public exploit or PoC available
- Exploit activity linked
ProSSHD DoS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function
RoundCube Webmail Cross-Site Scripting
Exploit & PoC activity
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications.
TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a network connection.
A vulnerability was found in ProSSHD 1.2 on Windows.
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.
CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.
RFC inbound processing does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce a...
Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light ex...
Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI metalpriceapi allows Code Injectio...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Prod...
listmonk is a standalone, self-hosted, newsletter and mailing list manager.
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access p...
cvelogic