Sep 4, 2023 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Spa-cart Ecommerce Cms: public exploit or PoC linked (cross-site scripting)
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2022-25148
Veronalabs Wp Statistics SQL Injection
- Public exploit or PoC available
- Exploit activity linked
- Internet-facing CMS deployments affected
WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.
Active exploit activity
- Public exploit or PoC available
- Exploit activity linked
- Remote code execution exposure
Ivanti Avalanche RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploit & PoC activity
A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3.
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitiv...
A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4.
A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1.
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary...
Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more.
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_i...
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant.
View critical disclosures
cvelogic
Threat Intelligence