Jul 20, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Webmin: public exploit or PoC linked (cross-site scripting)
  • 3 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-31761 Webmin cross-site scripting

  • Public exploit or PoC available
  • Exploit activity linked

Webmin cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2020-35427 Phpgurukul Employee Record Management System SQL Injection

  • CVSS 9.8

New critical Phpgurukul Employee Record Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-2456 Oracle Business Intelligence

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-31761 Exploit

Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process fea...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-35427 CVSS 9.8

SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands...

CVE-2021-2456 CVSS 9.8

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General).

CVE-2021-2463 CVSS 9.8

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework).

View critical disclosures

cvelogic Threat Intelligence