Apr 14, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Debian Linux: public exploit or PoC linked (RCE)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2020-11023 JQuery Cross-Site Scripting (XSS)

  • Public exploit or PoC available
  • Exploit activity linked

JQuery XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2021-27928 Debian Linux RCE

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Debian Linux RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2021-27130 Janobe Online Reviewer System Auth Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Janobe Online Reviewer System Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-29003 Exploit

Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_v...

CVE-2021-28142 Exploit

CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."

CVE-2021-27928 Exploit

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10...

CVE-2020-35775 Exploit

CITSmart before 9.1.2.23 allows LDAP Injection.

CVE-2020-11022 Exploit

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-29592 CVSS 9.8

An issue was discovered in Orchard before 1.10.

CVE-2021-27130 CVSS 9.8

Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload.

CVE-2021-27258 CVSS 9.8

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2.

CVE-2021-27705 CVSS 9.8

Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a cra...

CVE-2021-27706 CVSS 9.8

Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code v...

CVE-2021-27707 CVSS 9.8

Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a cra...

CVE-2021-27708 CVSS 9.8

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B2...

CVE-2021-27710 CVSS 9.8

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B2...

CVE-2021-28300 CVSS 9.8

NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary...

CVE-2021-30459 CVSS 9.8

A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows atta...

View critical disclosures

cvelogic Threat Intelligence