Apr 27, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2019-25042 Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.

  • CVSS 9.8

New critical Debian Linux Out-of-Bounds Write (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2020-22001 Homeautomation Project Homeautomation Auth Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Homeautomation Project Homeautomation Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2020-36326 Phpmailer Project Phpmailer Deserialization

  • CVSS 9.8

New critical Phpmailer Project Phpmailer Deserialization (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2019-25039 CVSS 9.8

Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.

CVE-2019-25042 CVSS 9.8

Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.

CVE-2020-22001 CVSS 9.8

HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header...

CVE-2020-36326 CVSS 9.8

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname.

CVE-2021-20716 CVSS 9.8

Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B...

CVE-2021-27480 CVSS 9.8

Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker t...

CVE-2021-29200 CVSS 9.8

Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack

CVE-2021-30128 CVSS 9.8

Apache OFBiz has unsafe deserialization prior to 17.12.07 version

CVE-2021-30642 CVSS 9.8

An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or...

View critical disclosures

cvelogic Threat Intelligence