Jul 28, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Cisco Identity Services Engine: 2 CVEs added to CISA KEV today.
- XWiki: public exploit or PoC linked (SQL injection).
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2023-2533
PaperCut NG/MF Cross-Site Request Forgery (CSRF)
- Actively exploited (CISA KEV)
- Listed on CISA KEV
PaperCut NG/MF CSRF is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Active exploit activity
CVE-2024-0737
A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1.
- Public exploit or PoC available
- Exploit activity linked
Xlightftpd Xlight FTP Server DoS now has public exploit or PoC linkage; assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2025-54419
A SAML library not dependent on any frameworks that runs in Node.
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Cisco Identity Services Engine Injection
Cisco Identity Services Engine Injection
PaperCut NG/MF Cross-Site Request Forgery (CSRF)
Exploit & PoC activity
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitr...
A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM).
Adobe ColdFusion Improper Access Control
A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1.
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices.
An issue was discovered on IROAD Dashcam FX2 devices.
OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root'...
iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware.
A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered.
A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.
CodeIgniter is a PHP full-stack web framework.
A SAML library not dependent on any frameworks that runs in Node.
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate.
RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language.