Feb 19, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Senkas Kolibri — exploitation likelihood rose sharply (EPSS 33% → 51% · rising (+19%)).
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Emerging exploitation risk

CVE-2014-4158 Senkas Kolibri Buffer Overflow

  • Exploitation likelihood sharply increased
  • EPSS 33% → 51% · rising (+19%)

Senkas Kolibri: EPSS 33% → 51% · rising (+19%) — EPSS is climbing faster than peer CVEs in this window, a leading indicator even before KEV or public exploit linkage.

Emerging exploitation risk

CVE-2005-4714 Openvmps

  • Exploitation likelihood sharply increased
  • EPSS 6.5% → 17% · rising (+11%)

Openvmps: EPSS 6.5% → 17% · rising (+11%) — EPSS is climbing faster than peer CVEs in this window, a leading indicator even before KEV or public exploit linkage.

Critical exposure

CVE-2026-26030 Microsoft Semantic Kernel RCE

  • CVSS 9.9
  • Remote code execution exposure

New critical Microsoft Semantic Kernel RCE (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

CVE-2014-4158 EPSS 33% → 51% · rising (+19%) CVSS 7.5

Senkas Kolibri Buffer Overflow

CVE-2005-4714 EPSS 6.5% → 17% · rising (+11%) CVSS 7.5

Openvmps

See EPSS increases

New critical disclosures

CVE-2025-67304 CVSS 9.8

In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contains hardcoded credentials for the ruckus PostgreSQL database user.

CVE-2025-67305 CVSS 9.8

In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contains hardcoded SSH keys for the postgres user.

CVE-2025-71243 CVSS 9.3

The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vul...

CVE-2026-2409 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delinea Cloud Suite allows Argument...

CVE-2026-24834 CVSS 9.3

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like c...

CVE-2026-26016 CVSS 9.2

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel.

CVE-2026-26030 CVSS 9.9

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifica...

CVE-2026-26339 CVSS 9.3

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection v...

CVE-2026-27475 CVSS 9.2

SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept...

CVE-2026-27476 CVSS 9.3

RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UD...

View critical disclosures

cvelogic Threat Intelligence