Mar 21, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-27874 Ibm Aspera Faspex XXE

  • CVSS 9.9

New critical Ibm Aspera Faspex XXE (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-1153 Pacsrapor SQL Injection

  • CVSS 9.8

New critical Pacsrapor SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-1529 Fedoraproject Chrome memory safety

  • CVSS 9.8

New critical Fedoraproject Chrome memory safety (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-37337 CVSS 9.1

A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5.

CVE-2022-45637 CVSS 9.8

An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mech...

CVE-2023-1153 CVSS 9.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Com...

CVE-2023-1529 CVSS 9.8

Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corr...

CVE-2023-1537 CVSS 9.8

Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.

CVE-2023-27569 CVSS 9.8

The eo_tags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header.

CVE-2023-27570 CVSS 9.8

The eo_tags package before 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie.

CVE-2023-27855 CVSS 9.8

In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer.

CVE-2023-27874 CVSS 9.9

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data.

CVE-2023-28725 CVSS 9.1

General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execut...

View critical disclosures

cvelogic Threat Intelligence