Sep 13, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Facebook Parlai: public exploit or PoC linked (RCE)
  • 6 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-24040 Facebook Parlai RCE

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Facebook Parlai RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2021-24493 Ingenesis Shopp RCE

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Ingenesis Shopp RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-33543 Geutebrueck G-cam Ebc-2110 Firmware DoS

  • CVSS 9.8

New critical Geutebrueck G-cam Ebc-2110 Firmware DoS (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-24040 Exploit

Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide mali...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-24493 CVSS 9.8

The shopp_upload_file AJAX action of the Shopp WordPress plugin through 1.4, available to both unauthenticated and authenticated user doe...

CVE-2021-33543 CVSS 9.8

Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to def...

CVE-2021-3666 CVSS 9.8

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVE-2021-38833 CVSS 9.8

SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v.

CVE-2021-40866 CVSS 9.8

Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default...

CVE-2021-40870 CVSS 9.8

Aviatrix Controller Unrestricted Upload of File

View critical disclosures

cvelogic Threat Intelligence