Home
» Risk & Exploitation
» Daily threat intelligence
» Dec 1, 2021
Dec 1, 2021 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus: 2 CVEs added to CISA KEV today.
Online Enrollment Management System Project Online Enrollment Management System: public exploit or PoC linked (cross-site scripting)
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2018-14847
MikroTik Router OS Directory Traversal
Actively exploited (CISA KEV)
Listed on CISA KEV
MikroTik RouterOS Directory Traversal is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Active exploit activity
CVE-2021-40577
Online Enrollment Management System Project Online Enrollment Management System cross-site scripting
Public exploit or PoC available
Exploit activity linked
Online Enrollment Management System Project Online Enrollment Management System cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2021-26777
Circutor Compact Dc-s Basic Firmware Buffer Overflow
New critical Circutor Compact Dc-s Basic Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Zoho ManageEngine ServiceDesk Plus Remote Code Execution
Apache HTTP Server-Side Request Forgery (SSRF)
Zoho ManageEngine ServiceDesk Authentication Bypass
Qualcomm Multiple Chipsets Improper Input Validation
MikroTik Router OS Directory Traversal
View KEV additions
Exploit & PoC activity
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Sou...
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare ve...
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerabil...
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerabil...
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerabil...
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerabil...
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerabil...
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerabil...
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerabil...
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerabil...
SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.
View critical disclosures
cvelogic
Threat Intelligence