Nov 5, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2025-55343 Quipux SQL Injection

  • CVSS 9.9

New critical Quipux SQL Injection (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-63601 Snipeitapp Snipe-IT RCE

  • CVSS 9.9
  • Remote code execution exposure

New critical Snipeitapp Snipe-IT RCE (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-61304 Dynatrace ActiveGate Ping Extension Command Injection

  • CVSS 9.8

New critical Dynatrace ActiveGate Ping Extension Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2025-20354 CVSS 9.8

New critical Cisco Unified Contact Center Express exposure disclosed.

CVE-2025-20358 CVSS 9.4

New critical Cisco Unified Contact Center Express exposure disclosed.

CVE-2025-45378 CVSS 9.1

Dell CloudLink, versions 8.0 through 8.1.2, contain a vulnerability in the restricted shell.

CVE-2025-46364 CVSS 9.1

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerabi...

CVE-2025-55343 CVSS 9.9

Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via busqueda/busqueda.php txt_depe_codi, busqued...

CVE-2025-56231 CVSS 9.1

Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass u...

CVE-2025-61304 CVSS 9.8

OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address.

CVE-2025-63334 CVSS 9.8

PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submit_opacity.php co...

CVE-2025-63416 CVSS 9.1

** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 202...

CVE-2025-63601 CVSS 9.9

Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious...

cvelogic Threat Intelligence