Oct 26, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-41873 Skyworth Penguin Aurora Box Firmware

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2021-38450 The affected controllers do not properly sanitize the input containing code syntax.

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2011-4124 Calibre-ebook Calibre privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Calibre-ebook Calibre privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2011-4119 CVSS 9.8

caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install.

CVE-2011-4124 CVSS 9.8

Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privi...

CVE-2011-4125 CVSS 9.8

A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execut...

CVE-2011-4574 CVSS 9.8

PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm.

CVE-2021-34584 CVSS 9.1

Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a c...

CVE-2021-37371 CVSS 9.8

Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php.

CVE-2021-38450 CVSS 9.9

The affected controllers do not properly sanitize the input containing code syntax.

CVE-2021-41873 CVSS 10

Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital.

CVE-2021-42343 CVSS 9.8

An issue was discovered in the Dask distributed package before 2021.10.0 for Python.

View critical disclosures

cvelogic Threat Intelligence