Feb 21, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Mitel MiVoice Connect: 2 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2022-40765 Mitel MiVoice Connect Command Injection

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Mitel MiVoice Connect Command Injection is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-0947 Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.

  • CVSS 9.8

New critical Flatpress Path Traversal (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-24107 Hour Of Code Python 2015 Project Hour Of Code Python 2015 Code Execution

  • CVSS 9.8
  • Remote code execution exposure

New critical Hour Of Code Python 2015 Project Hour Of Code Python 2015 Code Execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-46637 CVSS 9.8

Prolink router PRS1841 was discovered to contain hardcoded credentials for its Telnet and FTP services.

CVE-2023-0947 CVSS 9.8

Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.

CVE-2023-22920 CVSS 9.8

A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misc...

CVE-2023-24080 CVSS 9.8

A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user acc...

CVE-2023-24107 CVSS 9.8

hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the requ...

CVE-2023-24108 CVSS 9.8

MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requiremen...

CVE-2023-24184 CVSS 9.8

TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.

CVE-2023-24320 CVSS 9.8

An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors.

CVE-2023-25157 CVSS 9.8

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data.

CVE-2023-25158 CVSS 9.8

GeoTools is an open source Java library that provides tools for geospatial data.

View critical disclosures

cvelogic Threat Intelligence