Sep 7, 2021 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2021-39199
remark-html is an open source nodejs library which compiles Markdown to HTML.
New critical Remark-html cross-site scripting (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2020-19853
BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.
New critical Bluecms Project Bluecms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2021-37716
Arubanetworks Arubaos Buffer Overflow
New critical Arubanetworks Arubaos Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
An issue was discovered in gpac 0.8.0.
BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.
A SQL injection vulnerability in the nTracker USB Enterprise (secure USB management solution) allows a remote unauthenticated attacker to...
Nextcloud server is an open source, self-hosted personal cloud.
A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore...
In Apache Dubbo, users may choose to use the Hessian protocol.
A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s):...
remark-html is an open source nodejs library which compiles Markdown to HTML.
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a URL to trigger blind SSRF via the saveRemote() function.
Zoho ManageEngine ADSelfService Plus Authentication Bypass
cvelogic
Threat Intelligence