May 10, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 3 CVEs flagged today.
  • 6 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2026-6722 Php

  • CVSS 9.5

New critical disclosure (CVSS 9.5) — high severity with a short public awareness window before exploit material typically surfaces.

High-risk exposure

CVE-2021-47933 Inspireui Mstore Api RCE

  • CVSS 9.3
  • Internet-facing CMS deployments affected

New high-severity Inspireui Mstore Api RCE — watch for exploit drops and scanner noise in the first 72 hours after disclosure.

High-risk exposure

CVE-2021-47936 Opencats RCE

  • CVSS 9.3
  • Remote code execution exposure

New high-severity Opencats RCE — watch for exploit drops and scanner noise in the first 72 hours after disclosure.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-47923 CVSS 9.3

OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values in...

CVE-2021-47932 CVSS 9.3

WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrat...

CVE-2021-47933 CVSS 9.3

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious file...

CVE-2021-47936 CVSS 9.3

OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uplo...

CVE-2021-47940 CVSS 9.3

WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated...

CVE-2026-6722 CVSS 9.5

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object dedupl...

View critical disclosures

cvelogic Threat Intelligence