Jun 7, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Google Chromium V8 added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-3079 Google Chromium V8 Type Confusion

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2023-20887 Vmware Aria Operations for Networks Command Injection

  • CVSS 9.8
  • Remote code execution exposure

New critical VMware Aria Operations For Networks RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-2530 A privilege escalation allowing remote code execution was discovered in the orchestration service.

  • CVSS 9.8
  • Remote code execution exposure

New critical Puppet Enterprise RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-20887 CVSS 9.8

Vmware Aria Operations for Networks Command Injection

CVE-2023-2530 CVSS 9.8

A privilege escalation allowing remote code execution was discovered in the orchestration service.

CVE-2023-31114 CVSS 9.1

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300.

CVE-2023-31116 CVSS 9.8

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300.

CVE-2023-33282 CVSS 9.8

Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials.

CVE-2023-33496 CVSS 9.8

xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec...

CVE-2023-33553 CVSS 9.8

An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via mani...

CVE-2023-33556 CVSS 9.8

TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting...

CVE-2023-33863 CVSS 9.8

SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow.

CVE-2023-33864 CVSS 9.8

StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow.

View critical disclosures

cvelogic Threat Intelligence