Apr 25, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Sophos Web Appliance: public exploit or PoC linked (Command Injection)
  • 7 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2023-1671 Sophos Web Appliance Command Injection

  • Public exploit or PoC available
  • Exploit activity linked

Sophos Web Appliance Command Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2022-4944 Kodcloud Kodexplorer

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Critical exposure

CVE-2023-30839 PrestaShop is an Open Source e-commerce web application.

  • CVSS 9.9

New critical Prestashop SQL injection (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2022-4944 Exploit

A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2012-5872 CVSS 9.8

ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a...

CVE-2021-44547 CVSS 9.1

A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leadin...

CVE-2023-25313 CVSS 9.8

OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the...

CVE-2023-27105 CVSS 9.8

New critical Shanling Eddict Player Directory Traversal disclosed.

CVE-2023-27843 CVSS 9.8

SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the Quotes...

CVE-2023-30404 CVSS 9.8

Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd pa...

CVE-2023-30839 CVSS 9.9

PrestaShop is an Open Source e-commerce web application.

View critical disclosures

cvelogic Threat Intelligence