Jan 6, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • Qt-cute Quickteam — exploitation likelihood rose sharply (EPSS 32% → 85% · rising (+54%)).
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Emerging exploitation risk

CVE-2009-1551 Qt-cute Quickteam

  • Exploitation likelihood sharply increased
  • EPSS 32% → 85% · rising (+54%)

Qt-cute Quickteam: EPSS 32% → 85% · rising (+54%) — EPSS is climbing faster than peer CVEs in this window, a leading indicator even before KEV or public exploit linkage.

Emerging exploitation risk

CVE-2007-6254 Sap Business Objects Buffer Overflow

  • Exploitation likelihood sharply increased
  • CVSS 9.3
  • EPSS 18% → 32% · rising (+14%)

Sap Business Objects: EPSS 18% → 32% · rising (+14%) — EPSS is climbing faster than peer CVEs in this window, a leading indicator even before KEV or public exploit linkage.

Critical exposure

CVE-2025-30996 Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Newsy newsy allo...

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

CVE-2009-1551 EPSS 32% → 85% · rising (+54%) CVSS 7.5

Qt-cute Quickteam

CVE-2007-6254 EPSS 18% → 32% · rising (+14%) CVSS 9.3

Sap Business Objects Buffer Overflow

CVE-2009-1643 EPSS 8.5% → 20% · rising (+12%) CVSS 9.3

Sorinara Soritong Mp3 Player Buffer Overflow

CVE-2009-1187 EPSS 28% → 40% · rising (+12%) CVSS 5

Poppler DoS

CVE-2009-1586 EPSS 32% → 44% · rising (+11%) CVSS 9.3

Shemes Grabit Buffer Overflow

CVE-2019-7442 EPSS 5.6% → 17% · rising (+11%) CVSS 9.8

Cyberark Enterprise Password Vault XXE

CVE-2009-2568 EPSS 20% → 30% · rising (+10%) CVSS 9.3

Sorinara Streaming Audio Player Buffer Overflow

See EPSS increases

New critical disclosures

CVE-2025-14942 CVSS 9.4

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus sign...

CVE-2025-14996 CVSS 9.8

The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all...

CVE-2025-15001 CVSS 9.8

The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and i...

CVE-2025-15385 CVSS 9.8

Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass.This issu...

CVE-2025-30996 CVSS 9.9

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Newsy newsy allows Upload a Web Shell to a Web Server.Th...

CVE-2025-39477 CVSS 9.8

Missing Authorization vulnerability in Sfwebservice InWave Jobs iwjob allows Exploiting Incorrectly Configured Access Control Security Le...

CVE-2025-60262 CVSS 9.8

An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vu...

CVE-2025-60534 CVSS 9.8

Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy request...

CVE-2025-65212 CVSS 9.8

An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1.

CVE-2026-21675 CVSS 9.8

iccDEV provides a set of libraries and tools for working with ICC color management profiles.

View critical disclosures

cvelogic Threat Intelligence