Apr 13, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Novi Survey added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-20963 Android Framework Privilege Escalation

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Potential privilege escalation to admin/root

Android Framework Privilege Escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-26918 Filereplicationpro File Replication Pro privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Filereplicationpro File Replication Pro privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-27667 Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability.

  • CVSS 9.8

New critical Auto Dealer Management System Project Auto Dealer Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2022-33288 CVSS 9.3

Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection informa...

CVE-2023-24509 CVSS 9.3

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol confi...

CVE-2023-26918 CVSS 9.8

Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will b...

CVE-2023-27667 CVSS 9.8

Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability.

CVE-2023-27746 CVSS 9.8

BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute for...

CVE-2023-27748 CVSS 9.8

BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware.

CVE-2023-27779 CVSS 9.8

AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter in the login form.

CVE-2023-27812 CVSS 9.1

bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.

CVE-2023-29598 CVSS 9.8

lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability via the setbook parameter at index.php.

CVE-2023-29622 CVSS 9.8

Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admi...

cvelogic Threat Intelligence