Sep 29, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Mooveagency Redirect 404 To Parent: public exploit or PoC linked (XSS)
  • 7 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-24286 Mooveagency Redirect 404 To Parent XSS

  • Public exploit or PoC available
  • Exploit activity linked
  • Internet-facing CMS deployments affected

WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.

Active exploit activity

CVE-2021-24287 Mooveagency Select All Categories And Taxonomies\, Change Checkbox To Radio Buttons XSS

  • Public exploit or PoC available
  • Exploit activity linked
  • Internet-facing CMS deployments affected

WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.

Critical exposure

CVE-2020-12030 Emerson Wireless 1410 Gateway Firmware

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-42165 Exploit

MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinf...

CVE-2021-24286 Exploit

The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputti...

CVE-2021-24287 Exploit

The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not pro...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-12030 CVSS 10

There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled.

CVE-2020-18683 CVSS 9.8

Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling.

CVE-2020-18684 CVSS 9.8

Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number.

CVE-2020-18685 CVSS 9.8

Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites re...

CVE-2021-33924 CVSS 9.8

Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary componen...

CVE-2021-35943 CVSS 9.8

Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control.

CVE-2021-36745 CVSS 9.8

New critical Trendmicro Serverprotect exposure disclosed.

View critical disclosures

cvelogic Threat Intelligence