Aug 24, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-37538 Smartdatasoft Smartblog SQL Injection

  • CVSS 9.8

New critical Smartdatasoft Smartblog SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-38306 LG N1T1 Firmware Command Injection

  • CVSS 9.8

New critical LG N1T1 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-39509 D-Link DIR-816 Firmware Command Injection

  • CVSS 9.8

New critical D-Link DIR-816 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2021-30856 CVSS 9.1

This issue was addressed by adding a new Remote Login option for opting into Full Disk Access for Secure Shell sessions.

CVE-2021-30925 CVSS 9.1

The issue was addressed with improved permissions logic.

CVE-2021-31009 CVSS 9.8

Multiple issues were addressed by removing HDF5.

CVE-2021-3711 CVSS 9.8

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().

CVE-2021-37538 CVSS 9.8

Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to e...

CVE-2021-38306 CVSS 9.8

Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in t...

CVE-2021-39509 CVSS 9.8

An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function...

CVE-2021-39510 CVSS 9.8

An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler functi...

CVE-2021-40084 CVSS 9.8

opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters.

cvelogic Threat Intelligence