Apr 22, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Defender added to CISA KEV — confirmed in-the-wild exploitation.
  • Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share all...: public exploit or PoC linked (privilege escalation)
  • phpMyAdmin: exploitation likelihood rose sharply (EPSS 0.4% → 36% · rising (+36%)).
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2026-33825 Microsoft Defender Insufficient Granularity of Access Control

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Potential privilege escalation to admin/root

Microsoft Defender privilege escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Active exploit activity

CVE-2025-67586 Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share all...

  • Public exploit or PoC available
  • Exploit activity linked
  • Potential privilege escalation to admin/root

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Emerging exploitation risk

CVE-2009-1285 phpMyAdmin

  • Exploitation likelihood sharply increased
  • EPSS 0.4% → 36% · rising (+36%)

phpMyAdmin: EPSS 0.4% → 36% · rising (+36%). EPSS is climbing faster than peer CVEs in this window, a leading indicator even before KEV or public exploit linkage.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Microsoft Defender Insufficient Granularity of Access Control

Exploit & PoC activity

CVE-2025-67586 Exploit

Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Ac...

CVE-2025-7771 Exploit

ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the...

Exploitation dynamics

CVE-2009-1285 EPSS 0.4% → 36% · rising (+36%) CVSS 7.5

phpMyAdmin

CVE-2014-3931 EPSS 36% → 50% · rising (+14%) CVSS 9.8

Multi-Router Looking Glass (MRLG) Buffer Overflow

New critical disclosures

CVE-2018-25270 CVSS 9.3

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by inv...

CVE-2018-25272 CVSS 9.3

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary com...

CVE-2026-31478 CVSS 9.8

In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_ou...

CVE-2026-31501 CVSS 9.8

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX pa...

CVE-2026-33471 CVSS 9.6

nimiq-block contains block primitives to be used in Nimiq's Rust implementation.

CVE-2026-33656 CVSS 9.1

EspoCRM is an open source customer relationship management application.

CVE-2026-34415 CVSS 9.3

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint t...

CVE-2026-41167 CVSS 9.1

Jellystat is a free and open source Statistics App for Jellyfin.

CVE-2026-41468 CVSS 9.3

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives.

CVE-2026-6356 CVSS 9.6

New critical Augmentt privilege escalation disclosed.

cvelogic Threat Intelligence