Jan 22, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

Synacor Zimbra Collaboration Suite (ZCS) added to CISA KEV — confirmed in-the-wild exploitation.
Lfprojects Mlflow — exploitation likelihood rose sharply (EPSS 22% → 33% · rising (+11%)).
10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-34026 Versa Concerto Improper Authentication

Actively exploited (CISA KEV)
Listed on CISA KEV
Authentication bypass — unauthenticated access risk

Versa Concerto Auth Bypass is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Emerging exploitation risk

CVE-2023-6568 Lfprojects Mlflow XSS

Exploitation likelihood sharply increased
EPSS 22% → 33% · rising (+11%)

Lfprojects Mlflow: EPSS 22% → 33% · rising (+11%) — EPSS is climbing faster than peer CVEs in this window, a leading indicator even before KEV or public exploit linkage.

Critical exposure

CVE-2026-24306 Microsoft Azure Front Door privilege escalation

CVSS 9.8
Potential privilege escalation to admin/root

New critical Microsoft Azure Front Door privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2025-68645 KEV

Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion

CVE-2025-54313 KEV

Prettier eslint-config-prettier Embedded Malicious Code

CVE-2025-34026 KEV

Versa Concerto Improper Authentication

CVE-2025-31125 KEV

Vite Vitejs Improper Access Control

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

CVE-2023-6568 EPSS 22% → 33% · rising (+11%) CVSS 6.1

Lfprojects Mlflow XSS

CVE-2009-4107 EPSS 5.0% → 15% · rising (+10%) CVSS 9.3

Amplusnet Invisible Browsing Buffer Overflow

See EPSS increases

New critical disclosures

CVE-2025-54816 CVSS 9.4

This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorized users to est...

CVE-2025-56590 CVSS 9.8

An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10.

CVE-2026-1201 CVSS 9.4

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2...

CVE-2026-20750 CVSS 9.1

Gitea does not properly validate project ownership in organization project operations.

CVE-2026-20897 CVSS 9.1

Gitea does not properly validate repository ownership when deleting Git LFS locks.

CVE-2026-20912 CVSS 9.1

Gitea does not properly validate repository ownership when linking attachments to releases.

CVE-2026-21264 CVSS 9.3

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker...

CVE-2026-24305 CVSS 9.3

Azure Entra ID Elevation of Privilege Vulnerability

CVE-2026-24306 CVSS 9.8

Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-24307 CVSS 9.3

Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.

View critical disclosures

cvelogic Threat Intelligence