Sep 22, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Cloudron: public exploit or PoC linked (cross-site scripting)
  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2019-13358 Opencats XXE

  • Public exploit or PoC available
  • Exploit activity linked

Opencats XXE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2021-40868 In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.

  • Public exploit or PoC available
  • Exploit activity linked

Cloudron cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2021-34770 New critical Cisco Ios Xe DoS disclosed.

  • CVSS 10
  • Network edge / SD-WAN deployments affected

New critical Cisco Ios Xe DoS (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-40868 Exploit

In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.

CVE-2019-13358 Exploit

lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2019-6288 CVSS 9.8

Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI.

CVE-2021-1619 CVSS 9.8

New critical Cisco Ios Xe DoS disclosed.

CVE-2021-34727 CVSS 9.8

New critical Cisco Ios Xe Sd-wan Buffer Overflow disclosed.

CVE-2021-37925 CVSS 9.8

Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.

CVE-2021-37927 CVSS 9.8

Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.

CVE-2021-40684 CVSS 9.1

Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoi...

View critical disclosures

cvelogic Threat Intelligence