Jun 14, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Accela Civic Platform: public exploit or PoC linked (cross-site scripting)

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2020-11060 In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality.

  • Public exploit or PoC available
  • Exploit activity linked

Glpi-project Glpi CSRF now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2021-34370 Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS.

  • Public exploit or PoC available
  • Exploit activity linked

Accela Civic Platform cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2021-0324 Product: Android; Versions: Android SoC; Android ID: A-175402462

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

CVE-2021-34369 Exploit

portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information vi...

CVE-2021-34370 Exploit

Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS.

CVE-2020-11060 Exploit

In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality.

CVE-2018-15139 Exploit

Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated att...


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2021-0324 CVSS 9.8

Product: Android; Versions: Android SoC; Android ID: A-175402462

CVE-2021-32682 CVSS 9.8

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI.


cvelogic Threat Intelligence