Jun 14, 2021 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Accela Civic Platform: public exploit or PoC linked (cross-site scripting)
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2020-11060
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality.
- Public exploit or PoC available
- Exploit activity linked
Glpi-project Glpi CSRF now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
CVE-2021-34370
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS.
- Public exploit or PoC available
- Exploit activity linked
Accela Civic Platform cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2021-0324
Product: Android. Versions: Android SoC. Android ID: A-175402462
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Exploit & PoC activity
- portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information vi...
- Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS.
- In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality.
- Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated att...
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
- Product: Android. Versions: Android SoC. Android ID: A-175402462
- elFinder is an open-source file manager for web, written in JavaScript using jQuery UI.
cvelogic
Threat Intelligence