Home
» Risk & Exploitation
» Daily threat intelligence
» Sep 17, 2025
Sep 17, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2025-23316
Nvidia Triton Inference Server RCE
CVSS 9.8
Remote code execution exposure
New critical Nvidia Triton Inference Server RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVSS 9.8
Remote code execution exposure
New critical Swetrix RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2025-59340
Hubspot Jinjava unsafe deserialization
New critical Hubspot Jinjava unsafe deserialization (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remo...
A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to byp...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yordam Informatics Yordam Library A...
Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability.
Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability.
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remo...
Dyad is a local AI app builder.
A directory traversal issue in Swetrix Web Analytics API 3.1.1 before 7d8b972 allows a remote attacker to achieve Remote Code Execution v...
jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates.
A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the buil...
View critical disclosures
cvelogic
Threat Intelligence