Sep 1, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Atlassian Confluence Server And Data Center: public exploit or PoC linked
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-26084 Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Critical exposure

CVE-2021-34746 New critical Cisco Enterprise Nfv Infrastructure Software privilege escalation disclosed.

  • CVSS 9.8
  • Network edge / SD-WAN deployments affected

New critical Cisco Enterprise Nfv Infrastructure Software privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-40350 Christiedigital Dwu850-gs Firmware Auth Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Christiedigital Dwu850-gs Firmware Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-26084 Exploit

Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-34746 CVSS 9.8

New critical Cisco Enterprise Nfv Infrastructure Software privilege escalation disclosed.

CVE-2021-36029 CVSS 9.1

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper author...

CVE-2021-36033 CVSS 9.1

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerabil...

CVE-2021-36034 CVSS 9.1

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validatio...

CVE-2021-36035 CVSS 9.1

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validatio...

CVE-2021-36040 CVSS 9.1

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validatio...

CVE-2021-36041 CVSS 9.1

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validatio...

CVE-2021-36042 CVSS 9.1

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validatio...

CVE-2021-39185 CVSS 9.1

Http4s is a minimal, idiomatic Scala interface for HTTP services.

CVE-2021-40350 CVSS 9.8

webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containin...

View critical disclosures

cvelogic Threat Intelligence