May 5, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Jedox: public exploit or PoC linked (RCE)
  • 4 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2022-47875 Jedox Cloud Directory Traversal

  • Public exploit or PoC available
  • Exploit activity linked

Jedox Cloud Directory Traversal now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2022-47877 Jedox XSS

  • Public exploit or PoC available
  • Exploit activity linked

Jedox XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2023-30053 TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.

  • CVSS 9.8

New critical Totolink A7100ru Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2022-47879 Exploit

A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP clas...

CVE-2022-47880 Exploit

An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to...

CVE-2023-29809 Exploit

SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a c...

CVE-2022-47874 Exploit

Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections...

CVE-2022-47875 Exploit

A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary c...

CVE-2022-47876 Exploit

The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts.

CVE-2022-47877 Exploit

A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML i...

CVE-2022-47878 Exploit

Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to spec...

CVE-2023-2246 Exploit

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-30013 CVSS 9.8

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg.

CVE-2023-30053 CVSS 9.8

TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.

CVE-2023-30054 CVSS 9.8

TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability.

CVE-2023-30242 CVSS 9.8

NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php.

View critical disclosures

cvelogic Threat Intelligence