vFeed IO Vulnerability Intelligence As A Service

vFeed November 2025 Threat Intel Newsletter is out. Packed with latest vulnerability trends, landscape, statistics, impacted platforms and exploitable ones. Read the full newsletter here: vfeed.io/vfeed-newslett…

CVE-2025-55182 Pre-auth RCE in React Server components: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. Unsafe deserialize payloads from HTTP to Server Function CVSS3 10.0, Network, High Impact, EPSS 63% versions 19.x react.dev/blog/2025/12/0…

CVE-2025-24893 XWiki Platform guest can perform RCE through SolrSearch macros request CVSS3 9.8, Impact 5.9, EPSS 99.9%, Exploits available github.com/xwiki/xwiki-pl…

CVE-2025-12480 Triofox Improper Access Control flaw allowing access to initial setup pages even after setup is complete. CVSS3 9.1, Impact 5.2, EPSS 97.7% cloud.google.com/blog/topics/th…

CVE-2025-8324 Zoho ManageEngine Analytics Plus vulnerable to Unauthenticated SQL Injection due to the improper filter configuration CVSS3 9.8, Impact 5.9, EPSS 84.7% manageengine.com/analytics-plus…

vFeed Threat Intel October 2025 Newsletter is packed with critical info on vulnerability landscape, trends, statistics during month, and impacted platforms and exploitable vulnerabilities. Read the full newsletter here: vfeed.io/vfeed-newslett…

vFeed Threat Intel September 2025 Newsletter is out. Packed with critical vulnerability trends, platforms to take notice, and exploitable ones to remediate. September 2025 was an active month for cybersecurity, with 3,738 vulnerabilities published. vfeed.io/vfeed-newslett…

CVE-2025-10585 Chrome V8 reported by Google’s Threat Analysis confirmed active exploitation in wild, high-urgency update. Risk 9,8, EPSS 88% caused by Javascript type confusion incorrectly treating object kind, leading to heap corruption via crafted HTML github.com/AdityaBhatt301…

vFeed Threat Intel Newsletter August 2025 August saw a significant spike accounting of about 3,360 published vulnerabilities, one of the largest in the month seen recently, though comparatively lower than 3,600 last month. Read more here: vfeed.io/vfeed-newslett…

CVE-2025-9478 base 8.8, Impact 6.9, Network EPSS 21.1% Use-after-free in ANGLE in Chrome prior to 139.0.7258.154 allowed remote attacker potentially exploit heap corruption via crafted HTML. Marked Chromium Critical. Reported by Google Big Sleep chromereleases.googleblog.com/2025/08/stable…

What is your risk of CVE-2025-0108 authentication bypass vulnerability in PAN-OS software management web interface? Here is what vFeed sees. CVSS4 8.8, Low attack complexity, EPSS 99.8% percentile

vFeed Newsletter July 2025 We present interesting vulnerability trends during the month, critical vulnerabilities to pay attention to, and exploitable vulnerabilities to remediate. Read the full newsletter here: vfeed.io/vfeed-newslett… #cybersecurity #vulnerability

See Rapid7 print hacks assets.contentstack.io/v3/assets/blte… See Rapid7 Brother vulnerabilities github.com/sfewer-r7/Brot…

See advisory for more info: rapid7.com/blog/post/mult…

CVE-2024-51977 Multiple Brother devices authentication bypass via default administrator password generation. Unauthenticated that can access HTTP/HTTPS/IPP leak sensitive info, including device model, firmware, IP address, and serial. Patch them ASAP

vFeed Newsletter June 2025 We present critical vulnerability and exploitability trends during in this month. Read the full newsletter here: vfeed.io/vfeed-newslett… #cybersecurity #vulnerability

Did you know recent Envoy vulnerabilities reveal serious risks: command injection via admin (CVE-2025-24030, EPSS 39.6%), log poison (CVE-2025-25294, EPSS 32.1%), bypass 2FA (CVE-2025-30236, EPSS 24.5%). Patch them now — EPSS scores show real-world exploit potential. #envoyproxy

CVE-2025-26613, EPSS 50.5%, WeGIA REC gerenciar_backup.php endpoint, CVSS4 10, complexity low

Of the CVSS4 scores recorded, vFeed found about 71 critical CVEs in 2025, of which 20 had a CVSS4 10 base score. Of those 71, we have 21 (~30%) are PHP, of which 13 (~62%) are SQL Injection attacks, and ~20% of which have an exploit percentile > 50%. See the power of vFeed intel?

vFeed Integrates Next-Generation CVSS 4.0 Risk Scoring Exciting news for threat intelligence users! vFeed is thrilled to announce the integration of CVSS version 4.0 (CVSS4) risk scoring metrics into our threat intel feed. For more details, see vfeed.io/vfeed-integrat…