Jan 31, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-45172 An issue was discovered in LIVEBOX Collaboration vDesk before v018.

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Liveboxcloud Vdesk privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-45297 Eq Project Eq SQL Injection

  • CVSS 9.8

New critical Eq Project Eq SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-47780 SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter.

  • CVSS 9.8

New critical Bangresto Project Bangresto SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-45172 CVSS 9.8

An issue was discovered in LIVEBOX Collaboration vDesk before v018.

CVE-2022-45297 CVSS 9.8

EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.

CVE-2022-47697 CVSS 9.8

COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account tak...

CVE-2022-47699 CVSS 9.8

COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control.

CVE-2022-47780 CVSS 9.8

SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter.

CVE-2022-47854 CVSS 9.8

i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php.

CVE-2022-47873 CVSS 9.8

Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote).

CVE-2023-22610 CVSS 9.1

A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific mes...

CVE-2023-24162 CVSS 9.8

Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml param...

CVE-2023-24163 CVSS 9.8

SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine.

View critical disclosures

cvelogic Threat Intelligence