Jun 12, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-2278 Wpdirectorykit WP Directory Kit Code Execution

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Wpdirectorykit WP Directory Kit Code Execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-26295 HP Device Manager Command Injection

  • CVSS 9.8

New critical HP Device Manager Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-27716 kafkaUI-lite Project kafkaUI-lite Privilege Escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical kafkaUI-lite Project kafkaUI-lite Privilege Escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2023-1897 CVSS 9.4

Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could a...

CVE-2023-1898 CVSS 9.4

Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers.

CVE-2023-1899 CVSS 9.4

Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow an attacker to gain sensitive informatio...

CVE-2023-2278 CVSS 9.8

The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_publ...

CVE-2023-26295 CVSS 9.8

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

CVE-2023-27716 CVSS 9.8

An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nod...

CVE-2023-32673 CVSS 9.8

Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerabl...

CVE-2023-32674 CVSS 9.8

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.

CVE-2023-33625 CVSS 9.8

D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST paramete...

CVE-2023-33626 CVSS 9.8

D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary.


cvelogic Threat Intelligence