Aug 9, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft .NET Core And Visual Studio added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-38180 Microsoft .NET Core and Visual Studio Denial-of-Service

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Microsoft .NET Core And Visual Studio DoS is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-34545 Cskaza Cszcms SQL Injection

  • CVSS 9.8

New critical Cskaza Cszcms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-37068 Sherlock Gym Management System SQL Injection

  • CVSS 9.8

New critical Sherlock Gym Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2023-38180 KEV

Microsoft .NET Core and Visual Studio Denial-of-Service

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-33241 CVSS 9.6

Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a mali...

CVE-2023-33242 CVSS 9.6

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a si...

CVE-2023-33468 CVSS 9.1

KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulati...

CVE-2023-34545 CVSS 9.8

A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL.

CVE-2023-37068 CVSS 9.8

Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unautho...

CVE-2023-39001 CVSS 9.8

A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before...

CVE-2023-39004 CVSS 9.8

Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2...

CVE-2023-39007 CVSS 9.6

/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via open...

CVE-2023-39008 CVSS 9.8

A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edit...

CVE-2023-39969 CVSS 9

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures.

View critical disclosures

cvelogic Threat Intelligence