Jun 10, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2020-23302 Jerryscript Use-After-Free

  • CVSS 9.8

New critical Jerryscript Use-After-Free (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-25948 Expand-hash Project Expand-hash RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Expand-hash Project Expand-hash RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-25949 Set-getter Project Set-getter RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Set-getter Project Set-getter RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-23302 CVSS 9.8

There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0

CVE-2020-23303 CVSS 9.8

There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0.

CVE-2020-23306 CVSS 9.8

There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0.

CVE-2020-23321 CVSS 9.8

There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0.

CVE-2020-23323 CVSS 9.8

There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0.

CVE-2021-25948 CVSS 9.8

Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may l...

CVE-2021-25949 CVSS 9.8

Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote co...

CVE-2021-26691 CVSS 9.8

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow

CVE-2021-34363 CVSS 9.1

The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archi...

View critical disclosures

cvelogic Threat Intelligence