Apr 9, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Meta React Server Components: public exploit or PoC linked (RCE)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2025-55182 Meta React Server Components Remote Code Execution

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Meta React Server Components RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2025-65027 Romm.app Romm XSS

  • Public exploit or PoC available
  • Exploit activity linked

Romm.app Romm XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2026-40089 Sonicverse is a Self-hosted Docker Compose stack for live radio streaming.

  • CVSS 9.9

New critical Sonicverse Radio Audio Streaming Stack SSRF (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2025-55182 Exploit

Meta React Server Components Remote Code Execution

CVE-2025-65027 Exploit

RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-13926 CVSS 9.3

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary...

CVE-2026-29145 CVSS 9.1

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache...

CVE-2026-33771 CVSS 9.1

A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated,...

CVE-2026-33784 CVSS 9.3

A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an una...

CVE-2026-34424 CVSS 9.3

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised...

CVE-2026-40089 CVSS 9.9

Sonicverse is a Self-hosted Docker Compose stack for live radio streaming.

CVE-2026-40111 CVSS 9.3

PraisonAIAgents is a multi-agent teams system.

CVE-2026-5194 CVSS 9.3

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropri...

View critical disclosures

cvelogic Threat Intelligence