Aug 15, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-38866 COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588.

  • CVSS 9.8

New critical Comfast Cf-xr11 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-39850 Schoolmate Project Schoolmate SQL Injection

  • CVSS 9.8

New critical Schoolmate Project Schoolmate SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-39851 Webchess Project Webchess SQL Injection

  • CVSS 9.8

New critical Webchess Project Webchess SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-38864 CVSS 9.8

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171...

CVE-2023-38866 CVSS 9.8

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588.

CVE-2023-39850 CVSS 9.8

Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFun...

CVE-2023-39851 CVSS 9.8

webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.

CVE-2023-39852 CVSS 9.8

Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php.

CVE-2023-4338 CVSS 9.8

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-O...

CVE-2023-4340 CVSS 9.8

Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file

CVE-2023-4341 CVSS 9.8

Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI

CVE-2023-4342 CVSS 9.8

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy

CVE-2023-4344 CVSS 9.8

Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection

View critical disclosures

cvelogic Threat Intelligence