Nov 26, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2025-64127 An OS command injection vulnerability exists due to insufficient sanitization of user-supplied in...

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2025-64128 An OS command injection vulnerability exists due to incomplete validation of user-supplied input.

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2025-50433 Imonnit privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Imonnit privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-5539 CVSS 9.2

The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious acto...

CVE-2025-26155 CVSS 9.8

NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability.

CVE-2025-40934 CVSS 9.3

XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted.

CVE-2025-50433 CVSS 9.8

An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted password reset to...

CVE-2025-64127 CVSS 10

An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input.

CVE-2025-64128 CVSS 10

An OS command injection vulnerability exists due to incomplete validation of user-supplied input.

CVE-2025-64130 CVSS 9.3

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary...

CVE-2025-65276 CVSS 9.8

An unauthenticated administrative access vulnerability exists in the open-source HashTech project (https://github.com/henzljw/hashtech) 1...

CVE-2025-65669 CVSS 9.1

An issue was discovered in classroomio 0.1.13.

View critical disclosures

cvelogic Threat Intelligence