Oct 4, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Payara Micro Community: public exploit or PoC linked (Directory Traversal)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-41381 Payara Micro Community 5.2021.6 and below allows Directory Traversal.

  • Public exploit or PoC available
  • Exploit activity linked

Payara Micro Community Directory Traversal now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2021-23856 Bosch Rexroth Indramotion Mlc L20 Firmware cross-site scripting

  • CVSS 10

New critical Bosch Rexroth Indramotion Mlc L20 Firmware cross-site scripting (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-23857 Bosch Rexroth Indramotion Mlc L20 Firmware

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-41381 Exploit

Payara Micro Community 5.2021.6 and below allows Directory Traversal.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-23856 CVSS 10

The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sendin...

CVE-2021-23857 CVSS 10

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the pass...

CVE-2021-35296 CVSS 9.8

An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of th...

CVE-2021-37333 CVSS 9.8

Laravel Booking System Booking Core 2.0 is vulnerable to Session Management.

CVE-2021-38823 CVSS 9.8

The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue.

CVE-2021-40323 CVSS 9.8

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for templat...

CVE-2021-41511 CVSS 9.8

The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection t...

CVE-2021-41591 CVSS 9.4

ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure.

CVE-2021-41592 CVSS 9.4

Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure.

CVE-2021-41868 CVSS 9.8

OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functiona...

View critical disclosures

cvelogic Threat Intelligence