Home
» Risk & Exploitation
» Daily threat intelligence
» May 20, 2026
May 20, 2026 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Microsoft Defender: 6 CVEs added to CISA KEV today.
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2008-4250
Microsoft Windows Buffer Overflow
Actively exploited (CISA KEV)
Listed on CISA KEV
Microsoft Windows Buffer Overflow is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2026-48172
LiteSpeed cPanel Plugin Privilege Escalation
CVSS 10
Shared hosting environments affected
New critical LiteSpeed CPanel Plugin Privilege Escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2026-45444
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooComm...
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Microsoft Defender Link Following
Microsoft Defender Denial of Service
Microsoft Internet Explorer Use-After-Free
Microsoft Internet Explorer Use-After-Free
Adobe Acrobat and Reader Heap-Based Buffer Overflow
Microsoft DirectX NULL Byte Overwrite
Microsoft Windows Buffer Overflow
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files.
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.
LiteSpeed cPanel Plugin Privilege Escalation
A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software.
Drupal Core SQL Injection
A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerbe...
A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path rout...
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration int...
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration in...
A missing authentication vulnerability exists in the Altium 365 SearchService.
View critical disclosures
cvelogic
Threat Intelligence