Jun 15, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Windows: public exploit or PoC linked (privilege escalation)

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2024-28000 Litespeedtech Litespeed Cache privilege escalation

  • Public exploit or PoC available
  • Exploit activity linked
  • Shared hosting environments affected

Shared-hosting stack with public exploit linkage — one PoC often maps to many tenants on the same provider footprint.

Active exploit activity

CVE-2024-4577 PHP-CGI OS Command Injection

  • Public exploit or PoC available
  • Exploit activity linked

PHP Group PHP Command Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2025-33073 Microsoft Windows SMB Client Improper Access Control

  • Public exploit or PoC available
  • Exploit activity linked
  • Potential privilege escalation to admin/root

Microsoft Windows privilege escalation now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2025-33073 Exploit

Microsoft Windows SMB Client Improper Access Control

CVE-2025-46041 Exploit

A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page desc...

CVE-2025-49619 Exploit

Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigati...

CVE-2025-37928 Exploit

In the Linux kernel, the following vulnerability has been resolved: dm-bufio: don't schedule in atomic context A BUG was reported as belo...

CVE-2025-4255 Exploit

A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7.

CVE-2025-27751 Exploit

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2024-28000 Exploit

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

Nothing flagged in this category for this digest.

View critical disclosures

cvelogic Threat Intelligence