Jun 22, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Roundcube Webmail: 3 CVEs added to CISA KEV today.
  • Smartofficepayroll Smartoffice: public exploit or PoC linked.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2016-0165 Microsoft Win32k Privilege Escalation

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Potential privilege escalation to admin/root

Microsoft Win32k Privilege Escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Active exploit activity

CVE-2022-47075 Smartofficepayroll Smartoffice

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Critical exposure

CVE-2023-36355 TP-Link TL-WR940N Firmware Buffer Overflow

  • CVSS 9.9

New critical TP-Link TL-WR940N Firmware Buffer Overflow (CVSS 9.9): fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

VMware Aria Operations for Networks Command Injection

Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free

Exploit & PoC activity

CVE-2022-47075 Exploit

An issue in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name para...

CVE-2022-47076 Exploit

An issue in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.a...

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2023-2611 CVSS 9.8

Advantech R-SeeNet version 2.4.22 is installed with a hidden root-level user that is not available in the users list.

CVE-2023-29711 CVSS 9.8

An incorrect access control issue in Interlink PSG-5124 version 1.0.4 allows attackers to execute arbitrary code via craf...

CVE-2023-2989 CVSS 9.1

Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow...

CVE-2023-3128 CVSS 9.4

Grafana is validating Azure AD accounts based on the email claim.

CVE-2023-32571 CVSS 9.8

Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods...

CVE-2023-3326 CVSS 9.8

pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KD...

CVE-2023-34601 CVSS 9.8

Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml.

CVE-2023-34939 CVSS 9.8

Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component Upload...

CVE-2023-36097 CVSS 9.8

funadmin v3.3.2 and v3.3.3 are vulnerable to insecure file upload via the plugins install.

CVE-2023-36355 CVSS 9.9

TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm.

cvelogic Threat Intelligence