Oct 15, 2021 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Hkurl I-panel Administration System: public exploit or PoC linked (XSS)
- 8 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2021-41878
Hkurl I-panel Administration System XSS
- Public exploit or PoC available
- Exploit activity linked
Hkurl I-panel Administration System XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2021-27561
Yealink Device Management Server-Side Request Forgery (SSRF)
New critical Yealink Device Management Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2021-37736
Arubanetworks Clearpass Policy Manager Auth Bypass
- CVSS 9.8
- Authentication bypass — unauthenticated access risk
New critical Arubanetworks Clearpass Policy Manager Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploit & PoC activity
A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attack...
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Yealink Device Management Server-Side Request Forgery (SSRF)
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x...
FATEK Automation Communication Server Versions 1.13 and prior lacks proper validation of user-supplied data, which could result in a stac...
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
libmobi is vulnerable to Out-of-bounds Read
Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution...
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x...
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x...
View critical disclosures
cvelogic
Threat Intelligence