Jan 14, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-24044 Facebook Hermes RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Facebook Hermes RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-39623 Google Android memory safety

  • CVSS 9.8

New critical Google Android memory safety (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-0224 dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

  • CVSS 9.8

New critical Dolibarr Erp\/crm SQL injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-1049 CVSS 9.8

Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ID: A-204256722

CVE-2021-24044 CVSS 9.8

By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes wou...

CVE-2021-28500 CVSS 9.1

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents co...

CVE-2021-28501 CVSS 9.1

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents co...

CVE-2021-28506 CVSS 9.1

An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could...

CVE-2021-39623 CVSS 9.8

In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check.

CVE-2021-44530 CVSS 9.8

An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows...

CVE-2021-45468 CVSS 9.8

Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade...

CVE-2022-0224 CVSS 9.8

dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

CVE-2022-23227 CVSS 9.8

NUUO NVRmini2 Devices Missing Authentication

View critical disclosures

cvelogic Threat Intelligence