Nov 15, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Igexsolutions Wpschoolpress: public exploit or PoC linked (XSS)
  • 6 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-24664 Igexsolutions Wpschoolpress XSS

  • Public exploit or PoC available
  • Exploit activity linked
  • Internet-facing CMS deployments affected

WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.

Active exploit activity

CVE-2021-43140 SQL Injection vulnerability exists in Sourcecodester.

  • Public exploit or PoC available
  • Exploit activity linked

Oretnom23 Simple Subscription Website SQL Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2021-41269 Cron-utils Project Cron-utils RCE

  • CVSS 10
  • Remote code execution exposure

New critical Cron-utils Project Cron-utils RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-43617 Exploit

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/...

CVE-2021-24664 Exploit

The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not...

CVE-2021-43140 Exploit

SQL Injection vulnerability exists in Sourcecodester.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-41244 CVSS 9.1

Grafana is an open-source platform for monitoring and observability.

CVE-2021-41269 CVSS 10

cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them.

CVE-2021-41765 CVSS 9.8

A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated...

CVE-2021-41950 CVSS 9.1

A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files o...

CVE-2021-42377 CVSS 9.8

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a cra...

CVE-2021-42580 CVSS 9.8

Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and...

View critical disclosures

cvelogic Threat Intelligence