Dec 29, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- MongoDB And MongoDB Server added to CISA KEV — confirmed in-the-wild exploitation.
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2025-14847
MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency
- Actively exploited (CISA KEV)
- Listed on CISA KEV
Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.
Critical exposure
CVE-2025-68562
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a...
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary...
givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php.
givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload.
An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.This issue af...
A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13.
Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile builder mobile-builder allows Authenticat...
Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I.
Frappe is a full-stack web application framework.
Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.
View critical disclosures
cvelogic
Threat Intelligence