Apr 26, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-20852 Aenrich A\+hrd Deserialization

  • CVSS 9.8

New critical Aenrich A\+hrd Deserialization (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-20853 Aenrich A\+hrd Deserialization

  • CVSS 9.8

New critical Aenrich A\+hrd Deserialization (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-30280 Netgear R6700 Firmware Buffer Overflow

  • CVSS 9.8

New critical Netgear R6700 Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-36070 CVSS 9.8

Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php...

CVE-2022-47758 CVSS 9.8

Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack.

CVE-2023-20852 CVSS 9.8

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter.

CVE-2023-20853 CVSS 9.8

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process.

CVE-2023-2297 CVSS 9.8

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versio...

CVE-2023-28697 CVSS 9.8

Moxa MiiNePort E1 has a vulnerability of insufficient access control.

CVE-2023-30280 CVSS 9.8

Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execut...

CVE-2023-30363 CVSS 9.8

vConsole v3.15.0 was discovered to contain a prototype pollution due to incorrect key and value resolution in setOptions in core.ts.

CVE-2023-30546 CVSS 9.8

Contiki-NG is an operating system for Internet of Things devices.

CVE-2023-30846 CVSS 9.1

typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript.

View critical disclosures

cvelogic Threat Intelligence