Jun 3, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Chiyu-tech Bf-430 Firmware: public exploit or PoC linked (Auth Bypass)
  • 3 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-27308 4homepages 4images XSS

  • Public exploit or PoC available
  • Exploit activity linked

4homepages 4images XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2021-27519 Fudforum XSS

  • Public exploit or PoC available
  • Exploit activity linked

Fudforum XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2021-25947 Nestie Project Nestie RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Nestie Project Nestie RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-31251 Exploit

An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allow...

CVE-2021-31642 Exploit

A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass,...

CVE-2021-27308 Exploit

A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript v...

CVE-2021-27519 Exploit

A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.

CVE-2021-27520 Exploit

A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.

CVE-2021-28420 Exploit

A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" par...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-22333 CVSS 9.8

There is an Improper Validation of Array Index vulnerability in Huawei Smartphone.

CVE-2021-25947 CVSS 9.8

Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead t...

CVE-2021-33806 CVSS 9.8

The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputSt...

View critical disclosures

cvelogic Threat Intelligence