Jul 22, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2020-7388 Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component.

  • CVSS 10
  • Remote code execution exposure

New critical Sage Adxadmin RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-25205 E-commerce Website Project E-commerce Website SQL Injection

  • CVSS 9.8

New critical E-commerce Website Project E-commerce Website SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-25209 Theme Park Ticketing System Project Theme Park Ticketing System SQL Injection

  • CVSS 9.8

New critical Theme Park Ticketing System Project Theme Park Ticketing System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2020-7388 CVSS 10

Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component.

CVE-2021-25205 CVSS 9.8

SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via t...

CVE-2021-25209 CVSS 9.8

SQL injection vulnerability in SourceCodester Theme Park Ticketing System v 1.0 allows remote attackers to execute arbitrary SQL statemen...

CVE-2021-25210 CVSS 9.8

Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the...

CVE-2021-25211 CVSS 9.8

Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file uplo...

CVE-2021-25212 CVSS 9.8

SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements,...

CVE-2021-25213 CVSS 9.8

SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements,...

CVE-2021-26223 CVSS 9.8

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL st...

CVE-2021-35464 CVSS 9.8

ForgeRock Access Management (AM) Core Server Remote Code Execution

CVE-2021-35942 CVSS 9.1

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c)...

cvelogic Threat Intelligence