Jul 12, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2020-18544 Wms Project Wms SQL Injection

  • CVSS 9.8

New critical Wms Project Wms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2020-18980 Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.

  • CVSS 9.8
  • Remote code execution exposure

New critical Halo RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2020-21132 SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.

  • CVSS 9.8

New critical Metinfo SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-18544 CVSS 9.8

SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php".

CVE-2020-18980 CVSS 9.8

Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.

CVE-2020-19038 CVSS 9.1

File Deletion vulnerability in Halo 0.4.3 via delBackup.

CVE-2020-21132 CVSS 9.8

SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.

CVE-2020-21133 CVSS 9.8

SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpassword.php?lang=cn&a=dovalid.

CVE-2021-23389 CVSS 9.8

The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.

CVE-2021-23390 CVSS 9.8

The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.

CVE-2021-24385 CVSS 9.8

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HT...

CVE-2021-24442 CVSS 9.8

The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] P...

CVE-2021-35064 CVSS 9.8

KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo.

View critical disclosures

cvelogic Threat Intelligence