Jul 18, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-35189 Iagona ScrutisWeb Code Execution

  • CVSS 10
  • Remote code execution exposure

New critical Iagona ScrutisWeb Code Execution (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-3765 Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.

  • CVSS 10

New critical Lfprojects Mlflow Path Traversal (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-37522 Locke-bot Project Locke-bot SQL Injection

  • CVSS 9.8

New critical Locke-bot Project Locke-bot SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2021-34123 CVSS 9.8

An issue was discovered on atasm, version 1.09.

CVE-2021-37522 CVSS 9.8

SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src...

Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express (component: User Account).

Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account).

CVE-2023-30153 CVSS 9.8

An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, a...

CVE-2023-34329 CVSS 9.1

AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header.

CVE-2023-35189 CVSS 10

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated u...

CVE-2023-36669 CVSS 9.8

Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbi...

CVE-2023-36670 CVSS 9.8

A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4.

CVE-2023-3765 CVSS 10

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.

cvelogic Threat Intelligence