Mar 2, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2026-0006 Google Android RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Google Android RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2026-26706 Oretnom23 Pharmacy Point Of Sale System SQL Injection

  • CVSS 9.8

New critical Oretnom23 Pharmacy Point Of Sale System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2026-26707 Oretnom23 Pharmacy Point Of Sale System SQL Injection

  • CVSS 9.8

New critical Oretnom23 Pharmacy Point Of Sale System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-48609 CVSS 9.1

In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS funct...

CVE-2026-0006 CVSS 9.8

In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow.

CVE-2026-2628 CVSS 9.8

The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions...

CVE-2026-26706 CVSS 9.8

sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_receipt.php.

CVE-2026-26707 CVSS 9.8

sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_supplier.php.

CVE-2026-26709 CVSS 9.8

code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection in /gym/trainer_search.php.

CVE-2026-26710 CVSS 9.8

code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php.

CVE-2026-26711 CVSS 9.8

code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php.

CVE-2026-26712 CVSS 9.8

code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php.

CVE-2026-26713 CVSS 9.8

code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php.

View critical disclosures

cvelogic Threat Intelligence