Oct 1, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Progress Whatsupgold: public exploit or PoC linked
  • 7 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-41318 Progress Whatsupgold

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Critical exposure

CVE-2020-21012 Hotel And Lodge Booking Management System Project — Hotel And Lodge Booking Management System SQL Injection

  • CVSS 9.8

New critical SQL Injection in Hotel And Lodge Booking Management System (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-40960 Galera Webtemplate Directory Traversal

  • CVSS 9.8

New critical Galera Webtemplate Directory Traversal (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

CVE-2021-41318 Exploit

In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2020-21012 CVSS 9.8

Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to exe...

CVE-2021-3825 CVSS 9.6

Versions 2.1.15 and below of the Lider module in LiderAhenk software leak their configurations via an unsecured API.

CVE-2021-40960 CVSS 9.8

Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.

CVE-2021-41110 CVSS 9.1

cwlviewer is a web application to view and share Common Workflow Language workflows.

CVE-2021-41647 CVSS 9.1

An unauthenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0.

CVE-2021-41649 CVSS 9.8

An unauthenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter.

CVE-2021-41862 CVSS 9.8

AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL).


cvelogic Threat Intelligence