Feb 11, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Apple IOS, IPadOS, And MacOS added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2022-22620 Apple iOS, iPadOS, and macOS Webkit Use-After-Free

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Remote code execution exposure

Apple IOS, IPadOS, And MacOS RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2020-26728 Tenda Ac9 Firmware RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Tenda Ac9 Firmware RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-20001 Debian-edu-config Privilege Escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Debian-edu-config Privilege Escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Apple iOS, iPadOS, and macOS Webkit Use-After-Free

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-26728 CVSS 9.8

A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code...

CVE-2021-20001 CVSS 9.8

It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure...

CVE-2021-23555 CVSS 9.8

The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during...

CVE-2021-39635 CVSS 9.1

ims_ex is a vendor system service used to manage VoLTE in unisoc devices,But it does not verify the caller's permissions,so that normal a...

CVE-2021-39658 CVSS 9.8

ismsEx service is a vendor service in unisoc equipment。ismsEx service is an extension of sms system service,but it does not check the per...

CVE-2021-39675 CVSS 9.8

In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow.

CVE-2021-46361 CVSS 9.8

An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary...

CVE-2021-46362 CVSS 9.8

A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allow...

CVE-2022-0097 CVSS 9.6

Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a mal...

CVE-2022-0290 CVSS 9.6

Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape...

View critical disclosures

cvelogic Threat Intelligence