Home
» Risk & Exploitation
» Daily threat intelligence
» Dec 3, 2021
Dec 3, 2021 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Oretnom23 Online Magazine Management System: public exploit or PoC linked (Auth Bypass)
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2021-39316
Digitalzoomstudio Zoomsounds Directory Traversal
Public exploit or PoC available
Exploit activity linked
Internet-facing CMS deployments affected
WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.
Active exploit activity
CVE-2021-44653
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability.
Public exploit or PoC available
Exploit activity linked
Authentication bypass — unauthenticated access risk
Oretnom23 Online Magazine Management System Auth Bypass now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2021-35344
Tsmuxer Project Tsmuxer Buffer Overflow
New critical Tsmuxer Project Tsmuxer Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploit & PoC activity
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability.
Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability.
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be...
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h.
tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc....
Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.
ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php.
matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php.
Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php.
SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php.
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameer in App\Manage\Controller\AdvertController.class.php.
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php.
A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request i...
View critical disclosures
cvelogic
Threat Intelligence