Jul 31, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2014-125121 Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a p...

  • CVSS 10
  • Potential privilege escalation to admin/root

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2014-125123 An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel (dev...

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2014-125124 An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to an...

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2013-10043 CVSS 9.5

A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script...

CVE-2014-125121 CVSS 10

Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused...

CVE-2014-125123 CVSS 10

An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel (developed by LXCenter) prior to version 6.1...

CVE-2014-125124 CVSS 10

An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web i...

CVE-2014-125126 CVSS 9.2

An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypa...

CVE-2025-26062 CVSS 9.8

An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings fi...

CVE-2025-26063 CVSS 9.8

An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted...

CVE-2025-50475 CVSS 9.8

An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execu...

CVE-2025-8286 CVSS 9.3

The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware confi...

CVE-2025-8426 CVSS 9.4

Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability.

View critical disclosures

cvelogic Threat Intelligence