Mar 14, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Office: 2 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-23397 Microsoft Office Outlook Privilege Escalation

  • Actively exploited (CISA KEV)
  • CVSS 9.8
  • Listed on CISA KEV
  • Potential privilege escalation to admin/root

Microsoft Office Privilege Escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-1327 Netgear Rax30 Firmware Auth Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Netgear Rax30 Firmware Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-21708 Remote Procedure Call Runtime Remote Code Execution Vulnerability

  • CVSS 9.8
  • Remote code execution exposure

New critical Microsoft Windows 10 1507 RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2023-23397 KEV CVSS 9.8

Microsoft Office Outlook Privilege Escalation

Microsoft Windows SmartScreen Security Feature Bypass

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-39214 CVSS 9.6

Combodo iTop is an open source, web-based IT service management platform.

CVE-2023-1327 CVSS 9.8

Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated at...

CVE-2023-21708 CVSS 9.8

Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVE-2023-23392 CVSS 9.8

HTTP Protocol Stack Remote Code Execution Vulnerability

CVE-2023-23415 CVSS 9.8

Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability

CVE-2023-26511 CVSS 9.8

A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0 and 6.6.1 allows remote attackers to gain...

CVE-2023-27074 CVSS 9.8

BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page.

CVE-2023-27757 CVSS 9.8

An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary...

CVE-2023-28343 CVSS 9.8

OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone ti...

View critical disclosures

cvelogic Threat Intelligence