Oct 8, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Maianscriptworld Maian Cart: public exploit or PoC linked (RCE)
  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-32172 Maianscriptworld Maian Cart RCE

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Maianscriptworld Maian Cart RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2021-42053 The Unicorn framework through 0.35.3 for Django allows XSS via component.name.

  • Public exploit or PoC available
  • Exploit activity linked

Django-unicorn Unicorn cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2020-22617 Ardour Use-After-Free

  • CVSS 9.8

New critical Ardour Use-After-Free (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-32172 Exploit

Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin.

CVE-2021-42053 Exploit

The Unicorn framework through 0.35.3 for Django allows XSS via component.name.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-22617 CVSS 9.8

Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeCont...

CVE-2021-30633 CVSS 9.6

Google Chromium Indexed DB API Use-After-Free

CVE-2021-35977 CVSS 9.8

An issue was discovered in Digi RealPort for Windows through 4.8.488.0.

CVE-2021-36767 CVSS 9.8

In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, maki...

CVE-2021-41566 CVSS 9.8

The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute...

CVE-2021-41974 CVSS 9.1

Tad Book3 editing book page does not perform identity verification.

CVE-2021-42109 CVSS 9.8

VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.

View critical disclosures

cvelogic Threat Intelligence