Home
» Risk & Exploitation
» Daily threat intelligence
» Dec 13, 2021
Dec 13, 2021 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Hd-network Real-time Monitoring System Project Hd-network Real-time Monitoring System: public exploit or PoC linked (Directory Traversal)
WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
Public exploit or PoC available
Exploit activity linked
Remote code execution exposure
Webhmi Firmware RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
CVE-2021-45043
Hd-network Real-time Monitoring System Project Hd-network Real-time Monitoring System Directory Traversal
Public exploit or PoC available
Exploit activity linked
Hd-network Real-time Monitoring System Project Hd-network Real-time Monitoring System Directory Traversal now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2021-24946
Webnus Modern Events Calendar Lite SQL Injection
CVSS 9.8
Internet-facing CMS deployments affected
New critical Webnus Modern Events Calendar Lite SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploit & PoC activity
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter.
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed...
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the...
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0.
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL st...
The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements wh...
A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to poten...
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization.
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out...
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by...
fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access.
SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php.
View critical disclosures
cvelogic
Threat Intelligence