May 27, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Postbird Project Postbird: public exploit or PoC linked (cross-site scripting)
  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-33570 Postbird Project Postbird cross-site scripting

  • Public exploit or PoC available
  • Exploit activity linked

Postbird Project Postbird cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2021-22891 Citrix Sharefile Storagezones Controller privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Citrix Sharefile Storagezones Controller privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-22911 Rocket.chat SQL Injection

  • CVSS 9.8

New critical Rocket.chat SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

CVE-2021-33570 Exploit

Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2020-12403 CVSS 9.1

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55.

A flaw was found in the mysql-wsrep component of mariadb.

A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notif...

CVE-2021-22891 CVSS 9.8

A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18...

CVE-2021-22911 CVSS 9.8

An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injec...

CVE-2021-27852 CVSS 9.8

Checkbox Survey Deserialization of Untrusted Data

CVE-2021-31535 CVSS 9.8

LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code.

CVE-2021-33590 CVSS 9.8

GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_from_mac in dbus/gattlib.c.


cvelogic Threat Intelligence