Apr 25, 2023 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Sophos Web Appliance: public exploit or PoC linked (Command Injection)
- 7 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2023-1671
Sophos Web Appliance Command Injection
- Public exploit or PoC available
- Exploit activity linked
Sophos Web Appliance Command Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
- Public exploit or PoC available
- Exploit activity linked
Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.
Critical exposure
CVE-2023-30839
PrestaShop is an Open Source e-commerce web application.
New critical Prestashop SQL injection (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploit & PoC activity
A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49.
PaperCut MF/NG Improper Access Control
Sophos Web Appliance Command Injection
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a...
A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leadin...
OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the...
New critical Shanling Eddict Player Directory Traversal disclosed.
SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the Quotes...
Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd pa...
PrestaShop is an Open Source e-commerce web application.
View critical disclosures
cvelogic
Threat Intelligence