Apr 30, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Moodle: public exploit or PoC linked
  • 5 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2016-4971 Canonical Pan-os

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Active exploit activity

CVE-2019-3810 Moodle

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Critical exposure

CVE-2020-24918 Ambarella Oryx Rtsp Server Buffer Overflow

  • CVSS 9.8

New critical Ambarella Oryx Rtsp Server Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2019-3810 Exploit

A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions.

CVE-2016-4971 Exploit

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-24918 CVSS 9.8

A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted R...

CVE-2021-28959 CVSS 9.8

Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive.

CVE-2021-31870 CVSS 9.8

An issue was discovered in klibc before 2.0.9.

CVE-2021-31872 CVSS 9.8

An issue was discovered in klibc before 2.0.9.

CVE-2021-31873 CVSS 9.8

An issue was discovered in klibc before 2.0.9.

View critical disclosures

cvelogic Threat Intelligence