Jan 19, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2026-22797 Openstack Keystonemiddleware

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2026-23836 HotCRP is conference review software.

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2026-0610 Devolutions Server SQL Injection

  • CVSS 9.8

New critical Devolutions Server SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-11043 CVSS 9.1

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before...

CVE-2026-0610 CVSS 9.8

SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12

CVE-2026-1181 CVSS 9

Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credent...

CVE-2026-22797 CVSS 9.9

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 1...

CVE-2026-23837 CVSS 9.8

MyTube is a self-hosted downloader and player for several video websites.

CVE-2026-23839 CVSS 9.3

Movary is a web application to track, rate and explore your movie watch history.

CVE-2026-23840 CVSS 9.3

Movary is a web application to track, rate and explore your movie watch history.

CVE-2026-23841 CVSS 9.3

Movary is a web application to track, rate and explore your movie watch history.

CVE-2026-23947 CVSS 9.3

Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification.

View critical disclosures

cvelogic Threat Intelligence