Mar 3, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-46973 Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability.

  • CVSS 9.8

New critical Anji-plus Aj-report SSRF (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-20078 Cisco IP Phone 6825 Firmware DoS

  • CVSS 9.8
  • Network edge / SD-WAN deployments affected

New critical Cisco IP Phone 6825 Firmware DoS (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-20079 Cisco IP Phone 6825 Firmware DoS

  • CVSS 9.8
  • Network edge / SD-WAN deployments affected

New critical Cisco IP Phone 6825 Firmware DoS (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2022-46973 CVSS 9.8

Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability.

CVE-2023-20078 CVSS 9.8

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker...

CVE-2023-20079 CVSS 9.8

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker...

CVE-2023-24641 CVSS 9.8

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php.

CVE-2023-24642 CVSS 9.8

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php.

CVE-2023-24643 CVSS 9.8

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtvi...

CVE-2023-26481 CVSS 9.1

authentik is an open-source Identity Provider.

CVE-2023-26779 CVSS 9.8

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE).

CVE-2023-27290 CVSS 9.1

Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not curre...

CVE-2023-27574 CVSS 9.8

ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS.

cvelogic Threat Intelligence