Feb 13, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-40022 Microchip Syncserver S650 Firmware Command Injection

  • CVSS 9.8

New critical Microchip Syncserver S650 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-4445 Armandofiore Fl3r Feelbox SQL Injection

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Armandofiore Fl3r Feelbox SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-48323 Sunlogin Sunflower Path Traversal

  • CVSS 9.8

New critical Sunlogin Sunflower Path Traversal (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2022-40022 CVSS 9.8

Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.

CVE-2022-4445 CVSS 9.8

The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an...

CVE-2022-47034 CVSS 9.8

A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication.

CVE-2022-48323 CVSS 9.8

Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue.

CVE-2023-23551 CVSS 9.1

Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arb...

CVE-2023-24084 CVSS 9.8

ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function.

CVE-2023-24188 CVSS 9.1

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files t...

CVE-2023-24646 CVSS 9.8

An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbi...

CVE-2023-25717 CVSS 9.8

Multiple Ruckus Wireless Products CSRF and RCE

CVE-2023-25718 CVSS 9.8

In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions...

cvelogic Threat Intelligence