Oct 31, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2020-26707 Aaptjs Project Aaptjs

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2020-36376 Aaptjs Project Aaptjs

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2020-36377 Aaptjs Project Aaptjs

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-25911 CVSS 9.1

A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an in...

CVE-2020-25912 CVSS 9.1

A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead t...

CVE-2020-26705 CVSS 9.1

The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity (XXE) vulnerability which allows for an attacker to...

CVE-2020-26707 CVSS 9.8

An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath pa...

CVE-2020-36376 CVSS 9.8

An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parame...

CVE-2020-36377 CVSS 9.8

An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parame...

CVE-2020-36378 CVSS 9.8

An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath...

CVE-2020-36379 CVSS 9.8

An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath para...

CVE-2020-36380 CVSS 9.8

An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath para...

CVE-2020-36381 CVSS 9.8

An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePat...

View critical disclosures

cvelogic Threat Intelligence