May 21, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Trend Micro Apex One added to CISA KEV — confirmed in-the-wild exploitation.
  • Frangoteam Fuxa: public exploit or PoC linked (Path Traversal)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2025-34291 Langflow Origin Validation Error

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Remote code execution exposure

Langflow RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Active exploit activity

CVE-2026-25895 FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software.

  • Public exploit or PoC available
  • Exploit activity linked

Frangoteam Fuxa Path Traversal now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2026-34909 Ubiquiti UniFi OS Path Traversal

  • CVSS 10

New critical Ubiquiti UniFi OS Path Traversal (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Trend Micro Apex One (On-Premise) Directory Traversal

View KEV additions

Exploit & PoC activity

CVE-2026-4631 Exploit

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation o...

CVE-2026-25895 Exploit

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2026-33000 CVSS 9.1

A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi...

CVE-2026-48207 CVSS 9.8

Deserialization of untrusted data in Apache Fory PyFory.

CVE-2026-48241 CVSS 9.2

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are c...

CVE-2026-48242 CVSS 9.2

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in imp...

CVE-2026-6960 CVSS 9.8

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpres...

CVE-2026-8134 CVSS 9.4

Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when sa...

CVE-2026-9264 CVSS 9.3

A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfi...

View critical disclosures

cvelogic Threat Intelligence