Sep 10, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-24040 Facebook Parlai RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Facebook Parlai RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-34344 A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2.

  • CVSS 9.8

New critical Qnap Qusbcam2 Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-34345 Qnap Ej1600 Firmware Buffer Overflow

  • CVSS 9.8

New critical Qnap Ej1600 Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-24040 CVSS 9.8

Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide mali...

CVE-2021-28813 CVSS 9.6

New critical Qnap Qsw-m2116p-2t2s Firmware exposure disclosed.

CVE-2021-34344 CVSS 9.8

A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2.

CVE-2021-34345 CVSS 9.8

A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion.

CVE-2021-34346 CVSS 9.8

A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion.

CVE-2021-3645 CVSS 9.8

merge is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVE-2021-37422 CVSS 9.8

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases.

CVE-2021-37423 CVSS 9.8

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.

CVE-2021-40373 CVSS 9.8

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then exe...

CVE-2021-40864 CVSS 9.8

The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields.

View critical disclosures

cvelogic Threat Intelligence