May 20, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Defender: 6 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2008-4250 Microsoft Windows Buffer Overflow

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Microsoft Windows Buffer Overflow is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2026-48172 LiteSpeed cPanel Plugin Privilege Escalation

  • CVSS 10
  • Shared hosting environments affected

New critical LiteSpeed cPanel Plugin Privilege Escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2026-45444 Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooComm...

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Adobe Acrobat and Reader Heap-Based Buffer Overflow

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2026-45444 CVSS 10

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files.

CVE-2026-47372 CVSS 9.1

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.

CVE-2026-8631 CVSS 9.3

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software.

CVE-2026-9102 CVSS 9.4

A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerbe...

CVE-2026-9129 CVSS 9.4

A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path rout...

CVE-2026-9139 CVSS 9.3

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration int...

CVE-2026-9141 CVSS 9.3

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration in...

CVE-2026-9152 CVSS 10

A missing authentication vulnerability exists in the Altium 365 SearchService.

cvelogic Threat Intelligence