Dec 27, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 7 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-43857 Gerapy is a distributed crawler management framework.

  • CVSS 9.8
  • Remote code execution exposure

New critical Gerapy RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2020-21237 8cms Ljcms

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2020-21238 Chshcms Cscms

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-20944 CVSS 9.1

An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files.

CVE-2020-21237 CVSS 9.8

An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks.

CVE-2020-21238 CVSS 9.8

An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.

CVE-2021-4161 CVSS 9.8

The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details.

CVE-2021-43857 CVSS 9.8

Gerapy is a distributed crawler management framework.

CVE-2021-45232 CVSS 9.8

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framewor...

CVE-2021-45890 CVSS 9.8

basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.

View critical disclosures

cvelogic Threat Intelligence