Feb 20, 2026 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Roundcube Webmail: 2 CVEs added to CISA KEV today.
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2025-49113
RoundCube Webmail Deserialization of Untrusted Data
- Actively exploited (CISA KEV)
- Listed on CISA KEV
- Remote code execution exposure
Roundcube Webmail RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2021-35402
PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command in...
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
CVE-2026-2038
GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability.
- CVSS 9.8
- Authentication bypass — unauthenticated access risk
New critical Gfi Archiver Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
RoundCube Webmail Cross-site Scripting
RoundCube Webmail Deserialization of Untrusted Data
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by su...
PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the...
GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability.
GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability.
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a cr...
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no ca...
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN com...
An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 (fixed in 19.76) allows a remote attacker to escalate privileges via th...
A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppService...
Kargo manages and automates the promotion of software artifacts.
View critical disclosures
cvelogic
Threat Intelligence