Mar 12, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2026-3611 Honeywell Iq412 Firmware privilege escalation

  • CVSS 10
  • Potential privilege escalation to admin/root

New critical Honeywell Iq412 Firmware privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2025-70245 Dlink Dir-513 Firmware Buffer Overflow

  • CVSS 9.8

New critical Dlink Dir-513 Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2026-26793 Gl-inet Ar300m16 Firmware Command Injection

  • CVSS 9.8

New critical Gl-inet Ar300m16 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-70245 CVSS 9.8

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode.

CVE-2026-26793 CVSS 9.8

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function.

CVE-2026-26795 CVSS 9.8

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log...

CVE-2026-28252 CVSS 9.2

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an atta...

CVE-2026-32137 CVSS 9.3

Dataease is an open source data visualization analysis tool.

CVE-2026-32140 CVSS 9.3

Dataease is an open source data visualization analysis tool.

CVE-2026-32242 CVSS 9.1

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.

CVE-2026-32248 CVSS 9.3

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.

CVE-2026-32251 CVSS 9.3

Tolgee is an open-source localization platform.

CVE-2026-3611 CVSS 10

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configura...

View critical disclosures

cvelogic Threat Intelligence