Home
» Risk & Exploitation
» Daily threat intelligence
» Sep 13, 2021
Sep 13, 2021 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Facebook Parlai: public exploit or PoC linked (RCE)
6 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Public exploit or PoC available
Exploit activity linked
Remote code execution exposure
Facebook Parlai RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVSS 9.8
Internet-facing CMS deployments affected
New critical Ingenesis Shopp RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2021-33543
Geutebrueck G-cam Ebc-2110 Firmware DoS
New critical Geutebrueck G-cam Ebc-2110 Firmware DoS (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploit & PoC activity
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide mali...
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
The shopp_upload_file AJAX action of the Shopp WordPress plugin through 1.4, available to both unauthenticated and authenticated user doe...
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to def...
body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v.
Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default...
Aviatrix Controller Unrestricted Upload of File
View critical disclosures
cvelogic
Threat Intelligence