Sep 7, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-39199 remark-html is an open source Node.js library which compiles Markdown to HTML.

  • CVSS 10

New critical remark-html cross-site scripting (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2020-19853 BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.

  • CVSS 9.8

New critical BlueCMS SQL injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-37716 Aruba Networks ArubaOS buffer overflow

  • CVSS 9.8

New critical Aruba Networks ArubaOS buffer overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2020-19853 CVSS 9.8

BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.

CVE-2020-7819 CVSS 9.3

A SQL injection vulnerability in the nTracker USB Enterprise (secure USB management solution) allows a remote unauthenticated attacker to...

CVE-2021-32802 CVSS 9.3

Nextcloud server is an open source, self-hosted personal cloud.

CVE-2021-35946 CVSS 9.8

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore...

CVE-2021-36163 CVSS 9.8

In Apache Dubbo, users may choose to use the Hessian protocol.

CVE-2021-37716 CVSS 9.8

A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s):...

CVE-2021-39199 CVSS 10

remark-html is an open source Node.js library which compiles Markdown to HTML.

CVE-2021-39497 CVSS 9.8

eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a URL to trigger blind SSRF via the saveRemote() function.

CVE-2021-40539 CVSS 9.8

Zoho ManageEngine ADSelfService Plus Authentication Bypass

cvelogic Threat Intelligence