Nov 28, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • OpenPLC ScadaBR added to CISA KEV — confirmed in-the-wild exploitation.
  • 4 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2021-26829 OpenPLC ScadaBR Cross-site Scripting

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

OpenPLC ScadaBR XSS is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

High-risk exposure

CVE-2025-65112 PubNet is a self-hosted Dart & Flutter package service.

  • CVSS 9.4
  • Potential privilege escalation to admin/root

New high-severity Ricardoboss Pubnet Privilege Escalation — watch for exploit drops and scanner noise in the first 72 hours after disclosure.

High-risk exposure

CVE-2025-66385 Cerebrate-project Cerebrate privilege escalation

  • CVSS 9.4
  • Potential privilege escalation to admin/root

New high-severity Cerebrate-project Cerebrate privilege escalation — watch for exploit drops and scanner noise in the first 72 hours after disclosure.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-65112 CVSS 9.4

PubNet is a self-hosted Dart & Flutter package service.

CVE-2025-66216 CVSS 9.3

AIS-catcher is a multi-platform AIS receiver.

OrangeHRM is a comprehensive human resource management (HRM) system.

CVE-2025-66385 CVSS 9.4

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a h...

View critical disclosures

cvelogic Threat Intelligence