Sep 8, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-32835 Eclipse Keti RCE

  • CVSS 9.9
  • Remote code execution exposure

New critical Eclipse Keti RCE (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2020-26772 Ppgo Jobs Project Ppgo Jobs Command Injection

  • CVSS 9.8

New critical Ppgo Jobs Project Ppgo Jobs Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-30655 An application may be able to execute arbitrary code with system privileges.

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Apple Mac Os X privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-19138 CVSS 9.8

Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the com...

CVE-2020-24672 CVSS 9.8

New critical Abb Base Software exposure disclosed.

CVE-2020-26772 CVSS 9.8

Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the 'AjaxRun()' function.

CVE-2021-30655 CVSS 9.8

An application may be able to execute arbitrary code with system privileges.

CVE-2021-30678 CVSS 9.8

A logic issue was addressed with improved state management.

CVE-2021-30690 CVSS 9.8

Multiple issues in apache were addressed by updating apache to version 2.4.46.

CVE-2021-32835 CVSS 9.9

Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC).

CVE-2021-36440 CVSS 9.8

Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the componen...

CVE-2021-40814 CVSS 9.8

The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection.

CVE-2021-40818 CVSS 9.8

scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration.

View critical disclosures

cvelogic Threat Intelligence