Oct 14, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 5 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-42369 Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection.

  • CVSS 9.9

New critical Zucchetti Imagicle Uc Suite SQL Injection (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-41132 OMERO.web provides a web based client and plugin infrastructure.

  • CVSS 9.8

New critical Openmicroscopy Omero-figure XSS (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2020-22724 Mercury Mer1200 Firmware

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-22724 CVSS 9.8

A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury Router...

CVE-2021-20599 CVSS 9.1

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety...

CVE-2021-41132 CVSS 9.8

OMERO.web provides a web based client and plugin infrastructure.

CVE-2021-42342 CVSS 9.8

An issue was discovered in GoAhead 4.x and 5.x before 5.1.5.

CVE-2021-42369 CVSS 9.9

Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection.

View critical disclosures

cvelogic Threat Intelligence