Oct 22, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Eclipse Autovue For Agile Product Lifecycle Management: public exploit or PoC linked
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-28164 Eclipse Autovue For Agile Product Lifecycle Management

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Critical exposure

CVE-2020-28960 Cct95 Chichen Tech Cms SQL Injection

  • CVSS 9.8

New critical Cct95 Chichen Tech Cms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-41744 All versions of yongyou PLM are affected by a command injection issue.

  • CVSS 9.8

New critical Yonyou Ufida Product Lifecycle Management Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-28164 Exploit

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e s...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-23037 CVSS 9.8

Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrar...

CVE-2020-28960 CVSS 9.8

Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid pa...

CVE-2021-38457 CVSS 9.8

The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server withou...

CVE-2021-38469 CVSS 9.1

Many of the services used by the affected product do not specify full paths for the DLLs they are loading.

CVE-2021-38471 CVSS 9.1

There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or creat...

CVE-2021-38477 CVSS 9.8

There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the mani...

CVE-2021-41744 CVSS 9.8

All versions of yongyou PLM are affected by a command injection issue.

CVE-2021-41745 CVSS 9.8

ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.

CVE-2021-42169 CVSS 9.8

The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-In...

View critical disclosures

cvelogic Threat Intelligence