Jun 17, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Zohocorp Manageengine Servicedesk Plus Msp: public exploit or PoC linked
  • 5 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-31159 Zohocorp Manageengine Servicedesk Plus Msp

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Critical exposure

CVE-2021-21777 Opener Project Opener Info Disclosure

  • CVSS 10

New critical Opener Project Opener Info Disclosure (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-34809 Synology Download Station Command Injection

  • CVSS 9.9

New critical Synology Download Station Command Injection (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-31159 Exploit

Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in t...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2013-20002 CVSS 9.8

Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin...

CVE-2020-25414 CVSS 9.8

A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arb...

CVE-2021-21777 CVSS 10

An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development...

CVE-2021-34809 CVSS 9.9

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synolog...

CVE-2021-34810 CVSS 9.9

Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated...

View critical disclosures

cvelogic Threat Intelligence