Home
» Risk & Exploitation
» Daily threat intelligence
» Jul 20, 2021
Jul 20, 2021 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Webmin: public exploit or PoC linked (cross-site scripting)
3 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Public exploit or PoC available
Exploit activity linked
Webmin cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2020-35427
Phpgurukul Employee Record Management System SQL Injection
New critical Phpgurukul Employee Record Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2021-2456
Oracle Business Intelligence
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploit & PoC activity
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process fea...
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands...
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General).
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework).
View critical disclosures
cvelogic
Threat Intelligence