Oct 14, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Windows: 2 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2016-7836 SKYSEA Client View Improper Authentication

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Remote code execution exposure

SKYSEA Client View RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2025-59287 Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data

  • CVSS 9.8

New critical Microsoft Windows Deserialization (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-62376 pwn.college DOJO is an education platform for learning cybersecurity.

  • CVSS 9.5
  • Potential privilege escalation to admin/root

New critical disclosure (CVSS 9.5) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2011-10033 CVSS 9.3

The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 't...

CVE-2017-20204 CVSS 9.3

DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an undocumented vendor backdoor in the Telnet administrative interface that...

CVE-2017-20205 CVSS 9.2

Valve's Source SDK (source-sdk-2013)'s ragdoll model parsing logic contains a stack-based buffer overflow vulnerability.The tokenizer fun...

CVE-2018-25117 CVSS 9.3

VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain com...

CVE-2023-7304 CVSS 9.3

Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface.

CVE-2023-7305 CVSS 9.2

SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic.

CVE-2023-7311 CVSS 9.3

BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint.

CVE-2025-49553 CVSS 9.3

Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a...

CVE-2025-59287 CVSS 9.8

Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data

CVE-2025-62376 CVSS 9.5

pwn.college DOJO is an education platform for learning cybersecurity.

View critical disclosures

cvelogic Threat Intelligence