Jun 23, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Apple Multiple Products: 3 CVEs added to CISA KEV today.
  • Mcl-collection Mcl-net Firmware: public exploit or PoC linked
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-20867 VMware Tools Authentication Bypass

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Authentication bypass — unauthenticated access risk

VMware Tools Auth Bypass is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Active exploit activity

CVE-2020-11560 Nchsoftware Express Invoice

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Critical exposure

CVE-2023-3197 Inspireui Mstore Api SQL Injection

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Inspireui Mstore Api SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

CVE-2023-34834 Exploit

A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensiti...

CVE-2020-11560 Exploit

NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-1721 CVSS 9.1

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server.

CVE-2023-1722 CVSS 9.1

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server.

CVE-2023-3197 CVSS 9.8

The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and in...

CVE-2023-35156 CVSS 9.6

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

CVE-2023-35158 CVSS 9.6

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

CVE-2023-35159 CVSS 9.6

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

CVE-2023-35160 CVSS 9.6

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

CVE-2023-35161 CVSS 9.6

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

CVE-2023-35162 CVSS 9.6

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled.

View critical disclosures

cvelogic Threat Intelligence