Feb 18, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Dell RecoverPoint For Virtual Machines (RP4VMs) added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2021-22175 GitLab Server-Side Request Forgery (SSRF)

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

GitLab SSRF is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2025-14009 Nltk

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2025-70152 Fabian Scholars Tracking System SQL Injection

  • CVSS 9.8

New critical Fabian Scholars Tracking System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2026-22769 KEV

Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2019-25362 CVSS 9.3

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by ov...

CVE-2019-25364 CVSS 9.3

MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code.

CVE-2025-14009 CVSS 10

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions.

CVE-2025-70150 CVSS 9.8

CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthentica...

CVE-2025-70152 CVSS 9.8

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin...

CVE-2026-23491 CVSS 9.3

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-25548 CVSS 9.1

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments.

CVE-2026-27174 CVSS 9.3

MajorDoMo (aka Major Domestic Module) allows unauthenticated remote code execution via the admin panel's PHP console feature.

CVE-2026-27175 CVSS 9.2

MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated OS command injection via rc/index.php.

CVE-2026-27180 CVSS 9.3

MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution through supply chain compromise via update U...

View critical disclosures

cvelogic Threat Intelligence