Apr 6, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Fortinet FortiClient EMS added to CISA KEV — confirmed in-the-wild exploitation.
  • Fortinet FortiWeb: public exploit or PoC linked (Path Traversal)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2026-35616 Fortinet FortiClient EMS Improper Access Control

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Active exploit activity

CVE-2025-4123 Grafana Path Traversal

  • Public exploit or PoC available
  • Exploit activity linked

Grafana Path Traversal now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2025-54328 Samsung Exynos 1080 Firmware Buffer Overflow

  • CVSS 10

New critical Samsung Exynos 1080 Firmware Buffer Overflow (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

CVE-2025-55315 Exploit

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass...

CVE-2025-59254 Exploit

Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

CVE-2025-34040 Exploit

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface.

CVE-2025-4123 Exploit

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect.

CVE-2025-4524 Exploit

The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versi...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-54328 CVSS 10

An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1...

CVE-2025-58349 CVSS 9.1

An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 13...

CVE-2026-35050 CVSS 9.1

text-generation-webui is an open-source web interface for running Large Language Models.

CVE-2026-35171 CVSS 9.8

Kedro is a toolbox for production-ready data science.

CVE-2026-35174 CVSS 9.1

Chyrp Lite is an ultra-lightweight blogging engine.

CVE-2026-35178 CVSS 9.3

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs.

CVE-2026-35459 CVSS 9.3

pyLoad is a free and open-source download manager written in Python.

View critical disclosures

cvelogic Threat Intelligence