Feb 24, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-24189 Bstek Urule XXE

  • CVSS 9.8

New critical Bstek Urule XXE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-33224 Umbraco Forms

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2021-35370 Txjia Imcat

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-33224 CVSS 9.8

File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config an...

CVE-2021-33387 CVSS 9.6

Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code via a crafted get request.

CVE-2021-35370 CVSS 9.8

An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.

CVE-2021-4105 CVSS 9.8

Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.

CVE-2023-24189 CVSS 9.8

An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to...

CVE-2023-25691 CVSS 9.8

Improper Input Validation vulnerability in the Apache Airflow Google Provider.

CVE-2023-25693 CVSS 9.8

Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.

CVE-2023-25696 CVSS 9.8

Improper Input Validation vulnerability in the Apache Airflow Hive Provider.

CVE-2023-26034 CVSS 9.6

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.

View critical disclosures

cvelogic Threat Intelligence