Jun 11, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

4 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-22583 The Danfoss AK-EM100 web forms allow for SQL injection in the login forms.

CVSS 10

New critical Danfoss Ak-em100 Firmware SQL Injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-25911 Danfoss Ak-em100 Firmware Command Injection

CVSS 9.9

New critical Danfoss Ak-em100 Firmware Command Injection (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

High-risk exposure

CVE-2023-22582 The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting.

CVSS 9

New high-severity Danfoss Ak-em100 Firmware XSS — watch for exploit drops and scanner noise in the first 72 hours after disclosure.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-22582 CVSS 9

The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting.

CVE-2023-22583 CVSS 10

The Danfoss AK-EM100 web forms allow for SQL injection in the login forms.

CVE-2023-22585 CVSS 9

The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter.

CVE-2023-25911 CVSS 9.9

The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application paramet...

View critical disclosures

cvelogic Threat Intelligence