Home
» Risk & Exploitation
» Daily threat intelligence
» May 25, 2021
May 25, 2021 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2021-25944
Deep-defaults Project Deep-defaults RCE
CVSS 9.8
Remote code execution exposure
New critical Deep-defaults Project Deep-defaults RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2021-25946
Nconf-toml Project Nconf-toml RCE
CVSS 9.8
Remote code execution exposure
New critical Nconf-toml Project Nconf-toml RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2021-30193
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
New critical Codesys 750-8202 Firmware Out-of-Bounds Write (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Possible read out of bounds in dns read.
Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may le...
Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to cause a denial of service and may le...
CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free.
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of u...
View critical disclosures
cvelogic
Threat Intelligence