Dec 8, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-21950 Anker Eufy Homebase 2 Firmware Code Execution

  • CVSS 10
  • Remote code execution exposure

New critical Anker Eufy Homebase 2 Firmware Code Execution (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-21951 Anker Eufy Homebase 2 Firmware Code Execution

  • CVSS 10
  • Remote code execution exposure

New critical Anker Eufy Homebase 2 Firmware Code Execution (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-38503 Debian Linux

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2020-27416 CVSS 9.8

Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers t...

CVE-2021-21950 CVSS 10

An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker...

CVE-2021-21951 CVSS 10

An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker...

CVE-2021-23859 CVSS 9.1

An unauthenticated attacker is able to send a special HTTP request that causes a service to crash.

CVE-2021-3815 CVSS 9.8

utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVE-2021-38503 CVSS 10

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scri...

CVE-2021-4048 CVSS 9.1

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used i...

CVE-2021-41063 CVSS 9.8

SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow an unauthenticated atta...

CVE-2021-43527 CVSS 9.8

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or R...

CVE-2021-44529 CVSS 9.8

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection


cvelogic Threat Intelligence