Dec 3, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Oretnom23 Online Magazine Management System: public exploit or PoC linked (Auth Bypass)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-39316 Digitalzoomstudio Zoomsounds Directory Traversal

  • Public exploit or PoC available
  • Exploit activity linked
  • Internet-facing CMS deployments affected

WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.

Active exploit activity

CVE-2021-44653 Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability.

  • Public exploit or PoC available
  • Exploit activity linked
  • Authentication bypass — unauthenticated access risk

Oretnom23 Online Magazine Management System Auth Bypass now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2021-35344 Tsmuxer Project Tsmuxer Buffer Overflow

  • CVSS 9.8

New critical Tsmuxer Project Tsmuxer Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-44653 Exploit

Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability.

CVE-2021-44655 Exploit

Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability.

CVE-2021-39316 Exploit

The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-35344 CVSS 9.8

tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h.

CVE-2021-35346 CVSS 9.8

tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc....

CVE-2021-35414 CVSS 9.8

Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.

CVE-2021-43674 CVSS 9.8

ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php.

CVE-2021-43676 CVSS 9.8

matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php.

CVE-2021-44278 CVSS 9.8

Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php.

CVE-2021-44347 CVSS 9.8

SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php.

CVE-2021-44348 CVSS 9.8

SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameer in App\Manage\Controller\AdvertController.class.php.

CVE-2021-44349 CVSS 9.8

SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php.

CVE-2021-44352 CVSS 9.8

A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request i...

View critical disclosures

cvelogic Threat Intelligence