Jan 2, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 7 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2025-64121 Nuvationenergy Nplatform Auth Bypass

  • CVSS 10
  • Authentication bypass — unauthenticated access risk

New critical Nuvationenergy Nplatform Auth Bypass (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-65125 Gosaliajainam Online-movie-booking SQL Injection

  • CVSS 9.8

New critical Gosaliajainam Online-movie-booking SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-67268 Gpsd Project Gpsd Out-of-Bounds Write

  • CVSS 9.8

New critical Gpsd Project Gpsd Out-of-Bounds Write (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-64120 CVSS 9.4

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack C...

CVE-2025-64121 CVSS 10

Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authenticat...

CVE-2025-65125 CVSS 9.8

SQL injection in gosaliajainam/online-movie-booking 5.5 in movie_details.php allows attackers to gain sensitive information.

CVE-2025-67268 CVSS 9.8

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file.

CVE-2026-21440 CVSS 9.2

AdonisJS is a TypeScript-first web framework.

View critical disclosures

cvelogic Threat Intelligence