Nov 10, 2021 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2021-40519
Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
CVE-2020-23873
pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump.
New critical Science-miner Pdf2xml Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2020-23874
Science-miner Pdf2xml Buffer Overflow
New critical Science-miner Pdf2xml Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump.
pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::addAttributsNode.
pdf2xml v2.0 was discovered to contain a stack buffer overflow in the component getObjectStream.
pdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch.
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticate...
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which sys...
Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.
Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials.
Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution.
A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10.
View critical disclosures
cvelogic
Threat Intelligence