Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Microsoft Windows added to CISA KEV — confirmed in-the-wild exploitation.
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2025-24016Wazuh Server Deserialization of Untrusted Data
Actively exploited (CISA KEV)
Listed on CISA KEV
Remote code execution exposure
Wazuh Server RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2025-30220GeoServer is an open source server that allows users to share and edit geospatial data.
CVSS 9.9
New critical Geotools Geonetwork XXE (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2025-2474Blackberry Qnx Software Development Platform Out-of-Bounds Write
CVSS 9.8
New critical Blackberry Qnx Software Development Platform Out-of-Bounds Write (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.