Jul 6, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Oretnom23 Lost And Found Information System: public exploit or PoC linked (SQL Injection)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2023-33145 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

  • Public exploit or PoC available
  • Exploit activity linked

Microsoft Edge Chromium Info Disclosure now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2023-33592 Oretnom23 Lost And Found Information System SQL Injection

  • Public exploit or PoC available
  • Exploit activity linked

Oretnom23 Lost And Found Information System SQL Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2023-36460 Mastodon is a free, open-source social network server based on ActivityPub.

  • CVSS 9.9

New critical Joinmastodon Mastodon DoS (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2023-33592 Exploit

Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=sy...

CVE-2023-33145 Exploit

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-29381 CVSS 9.8

An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive informatio...

CVE-2023-29382 CVSS 9.8

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.

CVE-2023-29824 CVSS 9.8

A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0.

CVE-2023-30319 CVSS 9.6

Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad5...

CVE-2023-30320 CVSS 9

Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad...

CVE-2023-30321 CVSS 9

Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710...

CVE-2023-34192 CVSS 9

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS)

CVE-2023-35987 CVSS 9.8

PiiGAB M-Bus contains hard-coded credentials which it uses for authentication.

CVE-2023-36459 CVSS 9.3

Mastodon is a free, open-source social network server based on ActivityPub.

CVE-2023-36460 CVSS 9.9

Mastodon is a free, open-source social network server based on ActivityPub.

View critical disclosures

cvelogic Threat Intelligence