Sep 15, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-33690 Sap Netweaver Development Infrastructure SSRF

  • CVSS 9.9

New critical Sap Netweaver Development Infrastructure SSRF (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-33044 Dahua IP Camera Authentication Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Dahua IP Camera Firmware Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-33045 Dahua IP Camera Authentication Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Dahua IP Camera Firmware Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-21322 CVSS 9.8

An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2021-33690 CVSS 9.9

Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Servic...

CVE-2021-33695 CVSS 9.1

Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate.

CVE-2021-33701 CVSS 9.1

DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 201...

CVE-2021-37909 CVSS 9.8

WriteRegistry function in TSSServiSign component does not filter and verify users’ input, remote attackers can rewrite to the registry wi...

CVE-2021-37912 CVSS 9.8

The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card settin...

CVE-2021-37913 CVSS 9.8

The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting p...

CVE-2021-40881 CVSS 9.8

An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code.

View critical disclosures

cvelogic Threat Intelligence