Dec 3, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • OpenPLC ScadaBR added to CISA KEV — confirmed in-the-wild exploitation.
  • Djangoproject Django: public exploit or PoC linked (SQL Injection).
  • WordPress plugin RCE/exploit activity: 3 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2021-26828 OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Active exploit activity

CVE-2017-15734 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.

  • Public exploit or PoC available
  • Exploit activity linked

phpMyFAQ CSRF now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2025-13390 Wpdirectorykit Wp Directory Kit Auth Bypass

  • CVSS 10
  • Internet-facing CMS deployments affected

New critical Wpdirectorykit Wp Directory Kit Auth Bypass (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type


Exploit & PoC activity

CVE-2025-64459 Exploit

An issue was discovered in Django 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8.

CVE-2020-20969 Exploit

File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.

CVE-2018-25080 Exploit

A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31.

CVE-2021-40617 Exploit

An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.

CVE-2019-25024 Exploit

OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_ser...

CVE-2020-15716 Exploit

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script.

CVE-2020-15718 Exploit

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script.

CVE-2020-5504 Exploit

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page.

CVE-2019-16693 Exploit

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.

CVE-2017-15808 Exploit

In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.

CVE-2017-15734 Exploit

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.

CVE-2017-15735 Exploit

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2024-32641 CVSS 9.8

Masa CMS is an open source Enterprise Content Management platform.

CVE-2025-13342 CVSS 9.8

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all ve...

CVE-2025-13390 CVSS 10

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incor...

CVE-2025-13486 CVSS 9.8

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via...

CVE-2025-34319 CVSS 9.3

TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command i...

CVE-2025-55182 CVSS 10

Meta React Server Components Remote Code Execution

CVE-2025-64055 CVSS 9.8

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functi...

In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar images allows attackers to embed malicious...

CVE-2025-66222 CVSS 9.6

DeepChat is a smart assistant that uses artificial intelligence.


cvelogic Threat Intelligence