May 22, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

Apple Multiple Products: 3 CVEs added to CISA KEV today.
10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-28204 Apple Multiple Products WebKit Out-of-Bounds Read

Actively exploited (CISA KEV)
Listed on CISA KEV

Apple Multiple Products Out-of-Bounds Write is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-31062 Apache Inlong privilege escalation

CVSS 9.8
Potential privilege escalation to admin/root

New critical Apache Inlong privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-2840 NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.

CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2023-28204 KEV

Apple Multiple Products WebKit Out-of-Bounds Read

CVE-2023-32373 KEV

Apple Multiple Products WebKit Use-After-Free

CVE-2023-32409 KEV

Apple Multiple Products WebKit Sandbox Escape

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-2586 CVSS 9

Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered device...

CVE-2023-2838 CVSS 9.1

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-2840 CVSS 9.8

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.

CVE-2023-31062 CVSS 9.8

Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 th...

CVE-2023-31065 CVSS 9.1

Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 th...

CVE-2023-31066 CVSS 9.1

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache I...

CVE-2023-31098 CVSS 9.8

Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through...

CVE-2023-31689 CVSS 9.8

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish...

CVE-2023-33236 CVSS 9.8

MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability.

CVE-2023-33294 CVSS 9.8

An issue was discovered in KaiOS 3.0 before 3.1.

View critical disclosures

cvelogic Threat Intelligence