Jul 12, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-3342 WPEverest User Registration

  • CVSS 9.9
  • Internet-facing CMS deployments affected

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2023-34124 SonicWall Analytics Auth Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical SonicWall Analytics authentication bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-34137 SonicWall Analytics Auth Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical SonicWall Analytics authentication bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2023-3342 CVSS 9.9

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file typ...

CVE-2023-34124 CVSS 9.8

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass.

CVE-2023-34128 CVSS 9.8

Tomcat application credentials are hardcoded in the SonicWall GMS and Analytics configuration file.

CVE-2023-34130 CVSS 9.8

SonicWall GMS and Analytics use the outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data.

CVE-2023-34132 CVSS 9.8

A use-of-password-hash-instead-of-password-for-authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks.

CVE-2023-34136 CVSS 9.8

A vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to upload files to a restricted location not controlled by t...

CVE-2023-34137 CVSS 9.8

The SonicWall GMS and Analytics CAS Web Services application uses static values for authentication without proper checks leading to authentica...

CVE-2023-37567 CVSS 9.8

A command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitra...

CVE-2023-38198 CVSS 9.8

acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023.

CVE-2023-38199 CVSS 9.8

coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms.

cvelogic Threat Intelligence