Jan 28, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2025-57792 Explorance Blue SQL Injection

  • CVSS 10

New critical Explorance Blue SQL Injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2026-24897 Erugo (self-hosted file-sharing platform) Privilege Escalation

  • CVSS 10
  • Potential privilege escalation to admin/root

New critical Erugo privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-57795 Explorance Blue RCE

  • CVSS 9.9
  • Remote code execution exposure

New critical Explorance Blue RCE (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2025-40553 CVSS 9.8

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code ex...

CVE-2025-40554 CVSS 9.8

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacke...

CVE-2025-57792 CVSS 10

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web a...

CVE-2025-57794 CVSS 9.1

Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface.

CVE-2025-57795 CVSS 9.9

Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component.

CVE-2025-61140 CVSS 9.8

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.

CVE-2025-69602 CVSS 9.1

A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identif...

CVE-2026-1056 CVSS 9.8

The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'gene...

CVE-2026-24685 CVSS 9.4

OpenProject is an open-source, web-based project management software.

CVE-2026-24897 CVSS 10

Erugo is a self-hosted file-sharing platform.


cvelogic Threat Intelligence