Home
» Risk & Exploitation
» Daily threat intelligence
» Feb 5, 2025
Feb 5, 2025 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Linux Kernel added to CISA KEV — confirmed in-the-wild exploitation.
7 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2024-53104
Linux Kernel Out-of-Bounds Write
Actively exploited (CISA KEV)
Listed on CISA KEV
Linux Kernel Out-of-Bounds Write is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2025-20124
New critical Cisco Identity Services Engine Deserialization disclosed.
CVSS 9.9
Network edge / SD-WAN deployments affected
New critical Cisco Identity Services Engine Deserialization (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2020-36084
Jkev Responsive E-learning System SQL Injection
New critical Jkev Responsive E-learning System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Linux Kernel Out-of-Bounds Write
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/...
IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the syst...
The latest version of utils-extend (1.0.8) is vulnerable to Prototype Pollution through the entry function(s) lib.extend.
Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function.
OpenPLC_V3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns.
New critical Cisco Identity Services Engine Deserialization disclosed.
New critical Cisco Identity Services Engine privilege escalation disclosed.
View critical disclosures
cvelogic
Threat Intelligence