Vendor, status, exposure, timing, and source link — all in one row.
Operations view
Microsoft
Microsoft Office Remote Code Execution
critical
activeCISA KEVCVE-2009-0238
Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-04-28.
Apr 13, 2026, 7:00 PM
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 74.9% EPSS.
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Review affected assets, prioritize patch validation, and map remediation against managed client inventory.
Apr 3, 2026, 8:16 PM
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 41.4% EPSS.
Adobe Acrobat contains a use-after-free vulnerability that allows for code execution
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-04-27.
Apr 12, 2026, 7:00 PM
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 76.2% EPSS.
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
critical
activeCISA KEVCVE-2026-1340
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-04-11.
Apr 7, 2026, 7:00 PM
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 70.8% EPSS.
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ.
Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including
BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String).
An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext.
Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec().
This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3.
Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue
Prioritize validation and remediation immediately. This item is flagged as actively exploited or treated as urgent watch material.
Apr 7, 2026, 4:16 AM
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 65.1% EPSS.
Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-04-16.
Apr 12, 2026, 7:00 PM
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 43.1% EPSS.
Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-04-28.
criticalCVE-2009-0238
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 74.9% EPSS.
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Review affected assets, prioritize patch validation, and map remediation against managed client inventory.
CRITICALCVE-2026-35616
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 41.4% EPSS.
Adobe Acrobat contains a use-after-free vulnerability that allows for code execution
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-04-27.
criticalCVE-2020-9715
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 76.2% EPSS.
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-04-11.
criticalCVE-2026-1340
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 70.8% EPSS.
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ.
Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including
BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String).
An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext.
Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec().
This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3.
Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue
Prioritize validation and remediation immediately. This item is flagged as actively exploited or treated as urgent watch material.
HIGHCVE-2026-34197
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 65.1% EPSS.
Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-04-16.
criticalCVE-2026-21643
Critical
Priority score blends severity, KEV, recency, source signal, and EPSS where available. 43.1% EPSS.
Quick answers to the questions we hear most often about Threat Radar.
What is the ITECS MSP Threat Radar?
It is a self-updating resource hub that combines official threat feeds, vendor advisories, and live service incidents into one operational watch page for Dallas-area business teams.
Which sources does Threat Radar track?
The feed is built from official sources including CISA Known Exploited Vulnerabilities, the National Vulnerability Database, Microsoft Security Update Guide, Cisco advisories, Fortinet PSIRT, Cloudflare Status, Vercel Status for Next.js hosting operations, and Google Workspace Status.
How should businesses use Threat Radar?
Use it to spot active issues faster, validate whether they affect Microsoft 365, Cisco, Fortinet, or core SaaS dependencies, and then move into assessment, remediation, or managed support planning.
Can ITECS help after an item appears on Threat Radar?
Yes. ITECS can help translate the alert into patch prioritization, compensating controls, vendor-specific action plans, and broader managed cybersecurity or managed IT follow-through.
