Apr 5, 2023 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Washington I-tech Trainsmart: public exploit or PoC linked (SQL Injection)
- 9 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2020-5330
Dell Pc5500 Firmware Info Disclosure
- Public exploit or PoC available
- Exploit activity linked
Dell Pc5500 Firmware Info Disclosure now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
CVE-2021-36520
Washington I-tech Trainsmart SQL Injection
- Public exploit or PoC available
- Exploit activity linked
Washington I-tech Trainsmart SQL Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2023-28849
GLPI is a free asset and IT management software package.
New critical Glpi-project Glpi SQL Injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploit & PoC activity
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists.
A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via a evaluation/assign-evaluation?id= URI.
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows l...
Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution.
CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget.
Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via use...
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.
ImageMagick 7.1.0-49 is vulnerable to Denial of Service.
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure.
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticl...
An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a cr...
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included.
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae...
THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing...
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clu...
Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6.
Command Injection in GitHub repository microweber/microweber prior to 1.3.3.
An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file.
A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID v...
GLPI is a free asset and IT management software package.
GLPI is a free asset and IT management software package.
View critical disclosures
cvelogic
Threat Intelligence