Aug 9, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-32798 The Jupyter notebook is a web-based notebook environment for interactive computing.

  • CVSS 10

New critical Jupyter Notebook cross-site scripting (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2013-6276 QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files.

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Qnap Viocard-100 Firmware privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2014-9320 Sap Businessobjects Edge privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Sap Businessobjects Edge privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2013-6276 CVSS 9.8

QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files.

CVE-2014-9320 CVSS 9.8

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYST...

CVE-2020-23151 CVSS 9.8

rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter...

CVE-2021-21564 CVSS 9.8

Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability.

CVE-2021-21585 CVSS 9.1

Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools.

CVE-2021-21596 CVSS 9.6

Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a...

CVE-2021-22910 CVSS 9.8

A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which co...

CVE-2021-24499 CVSS 9.8

The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform...

CVE-2021-24507 CVSS 9.8

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_paginati...

CVE-2021-32798 CVSS 10

The Jupyter notebook is a web-based notebook environment for interactive computing.

View critical disclosures

cvelogic Threat Intelligence