Feb 14, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Office: 3 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-21823 Microsoft Windows Graphic Component Privilege Escalation

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Remote code execution exposure

Microsoft Windows RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-24482 Siemens Comos

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2023-21689 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

  • CVSS 9.8
  • Remote code execution exposure

New critical Microsoft Windows 10 1507 RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Microsoft Office Publisher Security Feature Bypass

Microsoft Windows Graphic Component Privilege Escalation

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-21689 CVSS 9.8

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

CVE-2023-21690 CVSS 9.8

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

CVE-2023-21692 CVSS 9.8

Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

CVE-2023-21716 CVSS 9.8

Microsoft Word Remote Code Execution Vulnerability

CVE-2023-21803 CVSS 9.8

Windows iSCSI Discovery Service Remote Code Execution Vulnerability

CVE-2023-24159 CVSS 9.8

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg...

CVE-2023-24160 CVSS 9.8

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg...

CVE-2023-24161 CVSS 9.8

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanId...

CVE-2023-24482 CVSS 10

A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All ve...

CVE-2023-25725 CVSS 9.1

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request...

View critical disclosures

cvelogic Threat Intelligence