Jun 25, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Seeddms: public exploit or PoC linked (RCE)
  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2019-12744 Seeddms RCE

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Seeddms RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2021-35049 Fidelissecurity Deception Command Injection

  • CVSS 9.9

New critical Fidelissecurity Deception Command Injection (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-35047 Fidelissecurity Deception

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2019-12744 Exploit

SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-28958 CVSS 9.8

Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.

CVE-2021-34074 CVSS 9.8

PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager.

CVE-2021-34184 CVSS 9.8

Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h.

CVE-2021-34427 CVSS 9.8

In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (cu...

CVE-2021-35047 CVSS 9.9

Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level a...

CVE-2021-35048 CVSS 9.8

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface.

CVE-2021-35049 CVSS 9.9

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface.

CVE-2021-35502 CVSS 9.8

app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanitize certain data related to generic-t...

View critical disclosures

cvelogic Threat Intelligence