May 19, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

Cisco IOS, IOS XR, And IOS XE: 2 CVEs added to CISA KEV today.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2004-1464 Cisco IOS Denial-of-Service

Actively exploited (CISA KEV)
Listed on CISA KEV
Network edge / SD-WAN deployments affected

Cisco IOS DoS is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-2704 Vibethemes Bp Social Connect Auth Bypass

CVSS 9.8
Internet-facing CMS deployments affected

New critical Vibethemes Bp Social Connect Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-31707 SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.

CVSS 9.8

New critical Sem-cms Semcms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2023-21492 KEV

Samsung Mobile Devices Insertion of Sensitive Information Into Log File

CVE-2016-6415 KEV

Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure

CVE-2004-1464 KEV

Cisco IOS Denial-of-Service

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-2704 CVSS 9.8

The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5.

CVE-2023-31707 CVSS 9.8

SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.

View critical disclosures

cvelogic Threat Intelligence