Feb 16, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Cacti added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2022-46169 Cacti Command Injection

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Cacti Command Injection is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-22578 Sequelizejs Sequelize SQL Injection

  • CVSS 10

New critical Sequelizejs Sequelize SQL Injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-22579 Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-42756 CVSS 9.8

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 a...

A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6...

CVE-2021-43529 CVSS 9.8

Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages.

CVE-2022-38375 CVSS 9.1

An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthentic...

CVE-2022-39952 CVSS 9.8

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8....

CVE-2023-22578 CVSS 10

Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.

CVE-2023-22579 CVSS 9.9

Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.

CVE-2023-23947 CVSS 9.1

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

CVE-2023-24236 CVSS 9.8

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting...

CVE-2023-24238 CVSS 9.8

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/del...

View critical disclosures

cvelogic Threat Intelligence