Sep 1, 2021 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Atlassian Confluence Server And Data Center: public exploit or PoC linked
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2021-26084
Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection
- Public exploit or PoC available
- Exploit activity linked
Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.
Critical exposure
CVE-2021-34746
New critical Cisco Enterprise Nfv Infrastructure Software privilege escalation disclosed.
- CVSS 9.8
- Network edge / SD-WAN deployments affected
New critical Cisco Enterprise Nfv Infrastructure Software privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2021-40350
Christiedigital Dwu850-gs Firmware Auth Bypass
- CVSS 9.8
- Authentication bypass — unauthenticated access risk
New critical Christiedigital Dwu850-gs Firmware Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploit & PoC activity
Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
New critical Cisco Enterprise Nfv Infrastructure Software privilege escalation disclosed.
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper author...
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerabil...
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validatio...
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validatio...
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validatio...
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validatio...
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validatio...
Http4s is a minimal, idiomatic Scala interface for HTTP services.
webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containin...
View critical disclosures
cvelogic
Threat Intelligence