Dec 13, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Hd-network Real-time Monitoring System Project Hd-network Real-time Monitoring System: public exploit or PoC linked (Directory Traversal)
  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-43936 Webhmi Firmware RCE

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Webhmi Firmware RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2021-45043 Hd-network Real-time Monitoring System Project Hd-network Real-time Monitoring System Directory Traversal

  • Public exploit or PoC available
  • Exploit activity linked

Hd-network Real-time Monitoring System Project Hd-network Real-time Monitoring System Directory Traversal now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2021-24946 Webnus Modern Events Calendar Lite SQL Injection

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Webnus Modern Events Calendar Lite SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-45043 Exploit

HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter.

CVE-2021-43936 Exploit

The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-22279 CVSS 9.8

A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the...

CVE-2021-24045 CVSS 9.8

A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0.

CVE-2021-24946 CVSS 9.8

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL st...

CVE-2021-24951 CVSS 9.8

The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements wh...

CVE-2021-32024 CVSS 9.8

A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to poten...

CVE-2021-39052 CVSS 9.8

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization.

CVE-2021-39063 CVSS 9.1

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out...

CVE-2021-39065 CVSS 9.8

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by...

CVE-2021-43117 CVSS 9.8

fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access.

CVE-2021-44966 CVSS 9.8

SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php.

View critical disclosures

cvelogic Threat Intelligence