Jun 16, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-34157 Huawei Harmonyos

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2022-48472 A Huawei printer has a system command injection vulnerability.

  • CVSS 9.8
  • Remote code execution exposure

New critical Huawei Bisheng-wnm Firmware RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-32754 Thinking Software Efence login function has insufficient validation for user input.

  • CVSS 9.8

New critical Thinkingsoftware Efence SQL injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-48472 CVSS 9.8

A Huawei printer has a system command injection vulnerability.

CVE-2023-25366 CVSS 9.8

In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password.

CVE-2023-32753 CVSS 9.8

OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type.

CVE-2023-32754 CVSS 9.8

Thinking Software Efence login function has insufficient validation for user input.

CVE-2023-34157 CVSS 10

Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may cause repeated pop-up windows of the app.

CVE-2023-34548 CVSS 9.8

Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter.

CVE-2023-34659 CVSS 9.8

jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.

CVE-2023-34832 CVSS 9.8

TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4.

CVE-2023-35708 CVSS 9.8

In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a S...

CVE-2023-35784 CVSS 9.8

A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL b...

View critical disclosures

cvelogic Threat Intelligence