Aug 6, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-26606 New critical Dreamsecurity Magicline4nx.exe privilege escalation disclosed.

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Dreamsecurity Magicline4nx.exe privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-36351 Care2x Hospital Information Management System SQL Injection

  • CVSS 9.8

New critical Care2x Hospital Information Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-36705 Prolink Prc2402m Firmware Command Injection

  • CVSS 9.8

New critical Prolink Prc2402m Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-28088 CVSS 9.8

An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code.

CVE-2021-20597 CVSS 9.1

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmwa...

CVE-2021-26606 CVSS 9.8

New critical Dreamsecurity Magicline4nx.exe privilege escalation disclosed.

CVE-2021-36351 CVSS 9.8

SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear p...

CVE-2021-36705 CVSS 9.8

In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 cont...

CVE-2021-36706 CVSS 9.8

In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD c...

CVE-2021-36707 CVSS 9.8

In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonof...

CVE-2021-37544 CVSS 9.8

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.

CVE-2021-37549 CVSS 9.1

In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.

CVE-2021-38148 CVSS 9.8

Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs.

View critical disclosures

cvelogic Threat Intelligence