May 12, 2021 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- 7 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2021-28799
QNAP NAS Improper Authorization
- CVSS 10
- Potential privilege escalation to admin/root
New critical QNAP Network Attached Storage (NAS) privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2020-13873
Codologic Codoforum SQL Injection
New critical Codologic Codoforum SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2020-35198
An issue was discovered in Wind River VxWorks 7.
New critical Oracle Communications Eagle Memory Corruption (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authe...
An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5.
An issue was discovered in Wind River VxWorks 7.
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl.
QNAP NAS Improper Authorization
An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1.
An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1.
View critical disclosures
cvelogic
Threat Intelligence