Oct 2, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Samsung Mobile Devices added to CISA KEV — confirmed in-the-wild exploitation.
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2014-6278
GNU Bash OS Command Injection
- Actively exploited (CISA KEV)
- Listed on CISA KEV
GNU Bash Command Injection is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Samsung Mobile Devices Out-of-Bounds Write
Smartbedded Meteobridge Command Injection
Jenkins Remote Code Execution
Juniper ScreenOS Improper Authentication
GNU Bash OS Command Injection
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store a large number of sensitive crede...
The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication.
The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow Lic...
Operating system command injection vulnerability in AndSoft's e-TMS v25.03.
Operating system command injection vulnerability in AndSoft's e-TMS v25.03.
Operating system command injection vulnerability in AndSoft's e-TMS v25.03.
SQL injection vulnerability in AndSoft's e-TMS v25.03.
SQL injection vulnerability in AndSoft's e-TMS v25.03.
WeGIA is a Web manager for charitable institutions.
WeGIA is an open source web manager with a focus on charitable institutions.
View critical disclosures
cvelogic
Threat Intelligence