May 25, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-25944 Deep-defaults Project Deep-defaults RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Deep-defaults Project Deep-defaults RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-25946 Nconf-toml Project Nconf-toml RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Nconf-toml Project Nconf-toml RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-30193 CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.

  • CVSS 9.8

New critical Codesys 750-8202 Firmware Out-of-Bounds Write (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-21658 CVSS 9.1

Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2021-25944 CVSS 9.8

Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may le...

CVE-2021-25946 CVSS 9.8

Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 through 0.0.2 allows an attacker to cause a denial of service and may le...

CVE-2021-30190 CVSS 9.8

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.

CVE-2021-30192 CVSS 9.8

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.

CVE-2021-30193 CVSS 9.8

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.

CVE-2021-30194 CVSS 9.1

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.

CVE-2021-33574 CVSS 9.8

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free.

CVE-2021-33575 CVSS 9.8

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of u...

View critical disclosures

cvelogic Threat Intelligence