Jun 28, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-21066 In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a heap buffer overflow.

  • CVSS 9.8
  • Remote code execution exposure

New critical Google Android RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-2982 miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Auth Bypass

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-32222 D-Link DSL-G256DG Firmware Auth Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical D-Link DSL-G256DG Firmware Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2021-25827 CVSS 9.8

Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address.

CVE-2023-20192 CVSS 9.6

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated...

CVE-2023-21066 CVSS 9.8

In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a heap buffer overflow.

CVE-2023-2625 CVSS 9

A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, h...

CVE-2023-2982 CVSS 9.8

The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass...

CVE-2023-32222 CVSS 9.8

D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.

CVE-2023-32224 CVSS 9.8

D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts

CVE-2023-33592 CVSS 9.8

Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=sy...

CVE-2023-34738 CVSS 9.8

Chemex through 3.7.1 is vulnerable to arbitrary file upload.

CVE-2023-36475 CVSS 9.8

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.


cvelogic Threat Intelligence