Aug 8, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Moosocial Moostore: public exploit or PoC linked (cross-site scripting)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2023-29689 Pyrocms RCE

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Pyrocms RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2023-4168 A vulnerability was found in Templatecookie Adlisting 2.14.0.

  • Public exploit or PoC available
  • Exploit activity linked

Templatecookie Adlisting Info Disclosure now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2023-20586 Amd Radeon Software privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Amd Radeon Software privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2023-37569 Exploit

This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component.

CVE-2023-4173 Exploit

A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6.

CVE-2023-4174 Exploit

A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic.

CVE-2023-4168 Exploit

A vulnerability was found in Templatecookie Adlisting 2.14.0.

CVE-2023-29689 Exploit

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-20586 CVSS 9.8

A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege.

CVE-2023-21709 CVSS 9.8

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE-2023-35385 CVSS 9.8

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVE-2023-36534 CVSS 9.3

Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege vi...

CVE-2023-36910 CVSS 9.8

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVE-2023-36911 CVSS 9.8

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVE-2023-39213 CVSS 9.6

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthentic...

CVE-2023-39216 CVSS 9.6

Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of p...

CVE-2023-40041 CVSS 9.8

TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so.

CVE-2023-40042 CVSS 9.8

TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so.

View critical disclosures

cvelogic Threat Intelligence