Apr 13, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Windows: 4 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2012-1854 Microsoft Visual Basic for Applications Insecure Library Loading

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Potential privilege escalation to admin/root

Microsoft Visual Basic For Applications (VBA) privilege escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2026-27681 Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Busin...

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2026-6264 Talend Esb Runtime RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Talend Esb Runtime RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Microsoft Exchange Server Deserialization of Untrusted Data

Microsoft Visual Basic for Applications Insecure Library Loading

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2026-22562 CVSS 9.8

A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to writ...

CVE-2026-22563 CVSS 9.8

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play...

CVE-2026-22564 CVSS 9.8

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauth...

CVE-2026-27681 CVSS 9.9

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can...

CVE-2026-31048 CVSS 9.8

An issue in the <code>pickle</code> protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled stri...

CVE-2026-40042 CVSS 9.3

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exp...

CVE-2026-40044 CVSS 9.3

Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malici...

CVE-2026-4365 CVSS 9.1

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question...

CVE-2026-6100 CVSS 9.1

Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fai...

CVE-2026-6264 CVSS 9.8

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring p...

View critical disclosures

cvelogic Threat Intelligence