Feb 11, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Motioneye Project Motioneye: public exploit or PoC linked (Code Execution)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2023-4911 GNU C Library Buffer Overflow

  • Public exploit or PoC available
  • Exploit activity linked

GNU C Library Buffer Overflow now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2025-60787 Motioneye Project Motioneye Code Execution

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Motioneye Project Motioneye Code Execution now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2025-69874 Unjs Nanotar Path Traversal

  • CVSS 9.8

New critical Unjs Nanotar Path Traversal (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2025-60787 Exploit

MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name.

CVE-2025-24054 Exploit

Microsoft Windows NTLM Hash Disclosure Spoofing

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-37186 CVSS 9.3

Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database confi...

CVE-2025-67135 CVSS 9.8

Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code repl...

CVE-2025-69872 CVSS 9.8

DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default.

CVE-2025-69874 CVSS 9.8

nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary...

CVE-2025-70085 CVSS 9.8

An issue was discovered in OpenSatKit 2.2.1.

CVE-2026-1729 CVSS 9.8

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12.

A race condition was addressed with improved handling of symbolic links.

CVE-2026-25084 CVSS 9.3

Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.

CVE-2026-26021 CVSS 9.4

set-in provides the set value of nested associative structure given array of keys.

CVE-2026-26215 CVSS 9.3

manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to un...

View critical disclosures

cvelogic Threat Intelligence