May 12, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Linux Kernel: 2 CVEs added to CISA KEV today.
  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2010-3904 Linux Kernel Improper Input Validation

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Potential privilege escalation to admin/root

Linux Kernel privilege escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-1934 SDG PnPSCADA SQL Injection

  • CVSS 9.8

New critical SDG PnPSCADA SQL Injection (CVSS 9.8): fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-27823 Optoma 1080PSTX Auth Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Optoma 1080PSTX Auth Bypass (CVSS 9.8): fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Jenkins User Interface (UI) Information Disclosure


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2023-1096 CVSS 9.8

SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticat...

CVE-2023-1934 CVSS 9.8

The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulner...

CVE-2023-27238 CVSS 9.8

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning.

CVE-2023-27823 CVSS 9.8

An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.

CVE-2023-30246 CVSS 9.8

SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the contestan...

CVE-2023-30247 CVSS 9.8

File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary co...

CVE-2023-31983 CVSS 9.8

A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the...

CVE-2023-31985 CVSS 9.8

A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the...

CVE-2023-32243 CVSS 9.8

Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation.


cvelogic Threat Intelligence