Home
» Risk & Exploitation
» Daily threat intelligence
» Apr 9, 2026
Apr 9, 2026 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Meta React Server Components: public exploit or PoC linked (RCE)
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2025-55182
Meta React Server Components Remote Code Execution
Public exploit or PoC available
Exploit activity linked
Remote code execution exposure
Meta React Server Components RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
Public exploit or PoC available
Exploit activity linked
Romm.app Romm XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2026-40089
Sonicverse is a Self-hosted Docker Compose stack for live radio streaming.
New critical Sonicverse Radio Audio Streaming Stack SSRF (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploit & PoC activity
Meta React Server Components Remote Code Execution
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface.
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary...
CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache...
A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated,...
A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an una...
Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised...
PraisonAI is a multi-agent teams system.
Sonicverse is a Self-hosted Docker Compose stack for live radio streaming.
PraisonAIAgents is a multi-agent teams system.
PraisonAI is a multi-agent teams system.
Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropri...
View critical disclosures
cvelogic
Threat Intelligence