Oct 6, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Apache HTTP Server: public exploit or PoC linked (Path Traversal)
  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-26086 Atlassian Jira Server and Data Center Path Traversal

  • Public exploit or PoC available
  • Exploit activity linked

Atlassian Jira Server And Data Center Path Traversal now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2021-39327 Ait-pro Bulletproof Security Info Disclosure

  • Public exploit or PoC available
  • Exploit activity linked
  • Internet-facing CMS deployments affected

WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.

Critical exposure

CVE-2020-21651 Myucms Project Myucms RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Myucms Project Myucms RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-39327 Exploit

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly...

CVE-2021-26086 Exploit

Atlassian Jira Server and Data Center Path Traversal

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-21648 CVSS 9.1

WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php.

CVE-2020-21651 CVSS 9.8

Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the...

CVE-2020-21652 CVSS 9.8

Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via th...

CVE-2020-21653 CVSS 9.1

Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj() m...

CVE-2021-29798 CVSS 9.8

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection.

CVE-2021-29903 CVSS 9.8

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection.

CVE-2021-29908 CVSS 9.8

The IBM TS7700 Management Interface is vulnerable to unauthenticated access.

CVE-2021-38923 CVSS 9.1

IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs.

CVE-2021-41128 CVSS 9.1

Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases.

View critical disclosures

cvelogic Threat Intelligence