Aug 24, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

RARLAB WinRAR added to CISA KEV — confirmed in-the-wild exploitation.
10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-32315 Ignite Realtime Openfire Path Traversal

Actively exploited (CISA KEV)
Listed on CISA KEV

Ignite Realtime Openfire Path Traversal is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-4420 A remote unprivileged attacker can intercept the communication via e.g.

CVSS 9.8
Potential privilege escalation to admin/root

New critical Sick Lms500 Firmware privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-39699 Icewarp Mail Server

CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2023-38831 KEV

RARLAB WinRAR Code Execution

CVE-2023-32315 KEV

Ignite Realtime Openfire Path Traversal

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-39699 CVSS 9.8

IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/in...

CVE-2023-40897 CVSS 9.8

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo.

CVE-2023-40898 CVSS 9.8

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/SetSysTimeCfg.

CVE-2023-40899 CVSS 9.8

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList...

CVE-2023-40900 CVSS 9.8

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.

CVE-2023-40901 CVSS 9.8

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceLi...

CVE-2023-40902 CVSS 9.8

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMac...

CVE-2023-40904 CVSS 9.8

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceLi...

CVE-2023-4419 CVSS 9.8

The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or...

CVE-2023-4420 CVSS 9.8

A remote unprivileged attacker can intercept the communication via e.g.

View critical disclosures

cvelogic Threat Intelligence