Apr 27, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2026-33453 Apache Camel RCE

  • CVSS 10
  • Remote code execution exposure

New critical Apache Camel RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2026-31255 A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi.

  • CVSS 9.8

New critical Tenda Ac18 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2026-35903 Mercurycom Mipc252w Firmware

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-46636 CVSS 9.4

NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in t...

CVE-2026-22336 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Directorist Booking allows SQL Inje...

CVE-2026-22337 CVSS 9.8

Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Direc...

CVE-2026-30352 CVSS 9.8

A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to ex...

CVE-2026-31255 CVSS 9.8

A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi.

CVE-2026-32644 CVSS 9.2

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.

CVE-2026-33453 CVSS 10

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component.

CVE-2026-35903 CVSS 9.8

MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service.

CVE-2026-40976 CVSS 9.1

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints.

CVE-2026-41462 CVSS 9.3

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login v...

View critical disclosures

cvelogic Threat Intelligence