May 17, 2021 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Ipfire: public exploit or PoC linked (privilege escalation)
- 5 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2013-3893
Microsoft Internet Explorer Resource Management Errors
- Public exploit or PoC available
- Exploit activity linked
Microsoft Internet Explorer Use-After-Free now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
- Public exploit or PoC available
- Exploit activity linked
- Potential privilege escalation to admin/root
Ipfire privilege escalation now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2021-24314
Boostifythemes Goto SQL Injection
- CVSS 9.8
- Internet-facing CMS deployments affected
New critical Boostifythemes Goto SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Exploit & PoC activity
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account.
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess...
Microsoft Internet Explorer Resource Management Errors
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
IBM Planning Analytics Local 2.0 connects to a MongoDB server.
IBM Planning Analytics Local 2.0 connects to a Redis server.
The Goto WordPress theme before 2.1 did not sanitise, validate or escape the keywords GET parameter from its listing page before using it...
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the cr...
SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password.
cvelogic
Threat Intelligence