Dec 16, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Fortinet Multiple Products added to CISA KEV — confirmed in-the-wild exploitation.
  • SQL injection vulnerability in Summar Software´s Portal del Empleado.: public exploit or PoC linked (SQL Injection)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-59718 Fortinet Multiple Products Improper Verification of Cryptographic Signature

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Active exploit activity

CVE-2025-40677 SQL injection vulnerability in Summar Software´s Portal del Empleado.

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Critical exposure

CVE-2025-63414 Allskyteam Allsky RCE

  • CVSS 10
  • Remote code execution exposure

New critical Allskyteam Allsky RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Fortinet Multiple Products Improper Verification of Cryptographic Signature

View KEV additions

Exploit & PoC activity

CVE-2025-40677 Exploit

SQL injection vulnerability in Summar Software´s Portal del Empleado.

CVE-2025-59342 Exploit

esm.sh is a nobuild content delivery network(CDN) for modern web development.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-14700 CVSS 9.9

An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to p...

NVIDIA Isaac Lab contains a deserialization vulnerability.

CVE-2025-46295 CVSS 9.8

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted inpu...

CVE-2025-50398 CVSS 9.8

Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter fac_passw...

CVE-2025-50401 CVSS 9.8

Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter password.

CVE-2025-62863 CVSS 9.8

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an inco...

CVE-2025-62864 CVSS 9.8

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an inco...

CVE-2025-63414 CVSS 10

A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary...

CVE-2025-65834 CVSS 9.8

Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow.

CVE-2025-68270 CVSS 9.9

The Open edX Platform is a learning management platform.

View critical disclosures

cvelogic Threat Intelligence