Apr 14, 2026 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Microsoft SharePoint Server: 2 CVEs added to CISA KEV today.
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2009-0238
Microsoft Office Remote Code Execution
- Actively exploited (CISA KEV)
- Listed on CISA KEV
- Remote code execution exposure
Microsoft Office RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2026-35031
Jellyfin is an open source self hosted media server.
New critical Jellyfin Path Traversal (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2026-33824
Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Microsoft SharePoint Server Improper Input Validation
Microsoft Office Remote Code Execution
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in a...
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary...
Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers.
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in a...
Jellyfin is an open source self hosted media server.
Jellyfin is an open source self hosted media server.
NuGet Gallery is a package repository that powers nuget.org.
Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype...
View critical disclosures
cvelogic
Threat Intelligence