May 24, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Shopizer: public exploit or PoC linked (XSS)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-33561 Shopizer XSS

  • Public exploit or PoC available
  • Exploit activity linked

Shopizer XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2021-33562 Shopizer XSS

  • Public exploit or PoC available
  • Exploit activity linked

Shopizer XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2019-12348 An issue was discovered in zzcms 2019.

  • CVSS 9.8

New critical Zzcms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-33561 Exploit

A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTM...

CVE-2021-33562 Exploit

A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or...

CVE-2021-24299 Exploit

The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations.

CVE-2019-19208 Exploit

Codiad Web IDE through 2.8.4 allows PHP Code injection.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-20907 CVSS 9.1

MetInfo 7.0 beta is affected by a file modification vulnerability.

CVE-2020-28904 CVSS 9.8

Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a...

CVE-2020-28907 CVSS 9.8

Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via...

CVE-2020-28908 CVSS 9.8

Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.

CVE-2020-28910 CVSS 9.8

Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation o...

CVE-2021-20426 CVSS 9.8

IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound au...

CVE-2021-29300 CVSS 9.8

The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execut...

CVE-2021-30108 CVSS 9.1

Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability.

CVE-2021-32075 CVSS 9.8

Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization.

View critical disclosures

cvelogic Threat Intelligence