May 21, 2021 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Dell Dbutil Driver: public exploit or PoC linked (DoS)
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2021-21551
Dell dbutil Driver Insufficient Access Control
- Public exploit or PoC available
- Exploit activity linked
Dell Dbutil Driver DoS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
CVE-2021-26855
Microsoft Exchange Server Remote Code Execution
- Public exploit or PoC available
- Exploit activity linked
- Enterprise mail systems at risk
Exchange-class mail edge with renewed exploit interest — historically attracts opportunistic and targeted campaigns after PoC release.
Critical exposure
New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploit & PoC activity
Dell dbutil Driver Insufficient Access Control
Microsoft Exchange Server Remote Code Execution
Oracle Solaris and Zettabyte File System (ZFS) Unspecified
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
A flaw was found in libwebp in versions before 1.0.1.
A flaw was found in libwebp in versions before 1.0.1.
A flaw was found in libwebp in versions before 1.0.1.
A flaw was found in libwebp in versions before 1.0.1.
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transf...
View critical disclosures
cvelogic
Threat Intelligence