Sep 4, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Spa-cart Ecommerce Cms: public exploit or PoC linked (cross-site scripting)

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2022-25148 Veronalabs Wp Statistics SQL Injection

  • Public exploit or PoC available
  • Exploit activity linked
  • Internet-facing CMS deployments affected

WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.

Active exploit activity

CVE-2023-32560 Ivanti Avalanche RCE

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Ivanti Avalanche RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2023-4613 Lg Led Assistant

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2023-4547 Exploit

A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3.

CVE-2023-39026 Exploit

Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitiv...

CVE-2023-4407 Exploit

A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4.

CVE-2023-4382 Exploit

A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1.

CVE-2023-32560 Exploit

An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary...

CVE-2022-23513 Exploit

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more.

CVE-2022-25148 Exploit

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_i...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-4613 CVSS 9.8

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant.

CVE-2023-4614 CVSS 9.8

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant.

View critical disclosures

cvelogic Threat Intelligence