PatchNow

RSS Feed - High Risk Alerts

Content last updated: Less than a minute ago
5
Critical Vulnerabilities
14
Days Since Newest Entry

☕ Support This Service

+

These automated vulnerability intelligence briefings are provided free of charge to help security teams stay ahead of critical threats. The service monitors CISA KEV additions, performs AI-powered risk analysis, and generates actionable alerts 24/7.

Monthly Running Costs: ~£14 Claude AI (Risk Analysis): £7 • Kagi Search (Threat Intel): £7
🎁 Buy me a coffee

🧠 Vulnerability Classification Logic

+

🔴 HIGH RISK vulnerabilities are those that meet all of the following criteria:

  • MITRE ATT&CK T1190 Classification: The vulnerability enables "Exploit Public-Facing Application" attacks, meaning it can be directly exploited over the internet without user interaction
  • Network Attack Vector: CVSS analysis confirms the vulnerability has a NETWORK attack vector (not LOCAL, ADJACENT, or PHYSICAL)
  • Internet-Facing Deployment Analysis: Claude AI assesses that the vulnerable software is commonly deployed as an internet-facing service with HIGH or VERY_HIGH likelihood
  • Added to CISA KEV quickly: The CVE was issued less than 30 days prior to it being added to the KEV list. Otherwise you would have already patched it, right?
  • Added to KEV recently: The CVE was added to the KEV list in the last 14 days. Because you've patched it by the time it has been in active exploitation for 30 days, haven't you?

Each vulnerability undergoes deployment pattern analysis where Claude AI evaluates the typical deployment scenarios, and internet-facing likelihood.

CVE-2025-61757 - Oracle Identity Manager 12.2.1.4.0, Oracle Identity Manager 14.1.2.1.0

Internet Exposure Likelihood: HIGH CVSS: 9.8
Critical pre-authentication remote code execution vulnerability in Oracle Identity Manager REST WebServices component. Allows complete system takeover via unauthenticated HTTP requests with CISA-confirmed active exploitation.
CVE ADDED: 2025-10-21 31 DAYS BETWEEN CVE AND KEV 14 DAYS SINCE KEV
View Details →

CVE-2025-58034 - Fortinet FortiWeb 7.0.2-7.0.11, Fortinet FortiWeb 7.2.0-7.2.11, Fortinet FortiWeb 7.4.0-7.4.8 (+1 more)

Internet Exposure Likelihood: VERY_HIGH CVSS: 6.7
OS command injection vulnerability in Fortinet FortiWeb allowing authenticated attackers to execute unauthorized code via crafted HTTP requests or CLI commands. FortiWeb is a web application firewall that is almost universally deployed as an internet-facing service to protect web applications.
CVE ADDED: 2025-11-18 0 DAY BETWEEN CVE AND KEV 17 DAYS SINCE KEV
View Details →

CVE-2025-64446 - Fortinet FortiWeb 7.0.0-7.0.11, Fortinet FortiWeb 7.2.0-7.2.11, Fortinet FortiWeb 7.4.0-7.4.9 (+2 more)

Internet Exposure Likelihood: VERY_HIGH CVSS: 9.1
Critical path traversal vulnerability in Fortinet FortiWeb web application firewalls allows remote execution of administrative commands via crafted HTTP/HTTPS requests. Active exploitation is occurring in the wild with attackers creating administrative accounts for persistent access.
CVE ADDED: 2025-11-14 0 DAY BETWEEN CVE AND KEV 21 DAYS SINCE KEV
View Details →

CVE-2025-12480 - TrioFox File Sharing Platform

Internet Exposure Likelihood: VERY_HIGH CVSS: 9.1
CVE-2025-12480 is a critical authentication bypass vulnerability in TrioFox file sharing platforms that allows unauthenticated attackers to access administrative setup pages. The vulnerability is being actively exploited in the wild and has been added to CISA's KEV catalog.
CVE ADDED: 2025-11-10 2 DAYS BETWEEN CVE AND KEV 23 DAYS SINCE KEV
View Details →

CVE-2025-9242 - WatchGuard Firewall/Fireware OS

Internet Exposure Likelihood: VERY_HIGH CVSS: 9.3
Critical out-of-bounds write vulnerability in WatchGuard Fireware OS affecting IKEv2 VPN services that allows unauthenticated remote code execution. This is actively exploited in the wild according to CISA KEV and affects security appliances that are inherently internet-facing by design.
CVE ADDED: 2025-09-17 56 DAYS BETWEEN CVE AND KEV 23 DAYS SINCE KEV
View Details →

Generated by PatchNow Intelligence System | Data Source: CISA KEV + CIRCL.LU + Claude Analysis

📄 Download JSON Data | 📡 RSS Feed