Dec 15, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Google Chromium V8 added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2021-4102 Google Chromium V8 Use-After-Free

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Google Chromium V8 Use-After-Free is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2021-27856 Fatpipeinc Ipvpn Firmware privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Fatpipeinc Ipvpn Firmware privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-44350 Thinkphp SQL Injection

  • CVSS 9.8

New critical Thinkphp SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-27856 CVSS 9.8

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administ...

CVE-2021-36888 CVSS 9.8

Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (ver...

CVE-2021-39641 CVSS 9.8

Product: AndroidVersions: Android kernelAndroid ID: A-126949257References: N/A

CVE-2021-39644 CVSS 9.8

Product: AndroidVersions: Android kernelAndroid ID: A-199809304References: N/A

CVE-2021-39645 CVSS 9.8

Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A

CVE-2021-39655 CVSS 9.8

Product: AndroidVersions: Android kernelAndroid ID: A-192641593References: N/A

CVE-2021-4119 CVSS 9.8

bookstack is vulnerable to Improper Access Control

CVE-2021-43834 CVSS 9.1

eLabFTW is an electronic lab notebook manager for research teams.

CVE-2021-44350 CVSS 9.8

SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php.

CVE-2021-45092 CVSS 9.8

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath param...

View critical disclosures

cvelogic Threat Intelligence