Jan 14, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2026-22238 The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs.

  • CVSS 10
  • Potential privilege escalation to admin/root

New critical Blusparkglobal Bluvoyix privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2026-22236 The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs.

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2026-22237 The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation.

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-14301 CVSS 9.8

The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0.

CVE-2025-14502 CVSS 9.8

The News and Blog Designer Bundle plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1 vi...

CVE-2025-37184 CVSS 9.8

A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote attacker to bypass multi-factor authenticati...

CVE-2025-70968 CVSS 9.8

FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().

CVE-2026-22236 CVSS 10

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs.

CVE-2026-22237 CVSS 10

The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation.

CVE-2026-22238 CVSS 10

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs.

CVE-2026-22239 CVSS 10

The vulnerability exists in BLUVOYIX due to design flaws in the email sending API.

CVE-2026-22240 CVSS 10

The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs.

CVE-2026-23550 CVSS 9.8

Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Mo...

View critical disclosures

cvelogic Threat Intelligence