Sep 8, 2023 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Spa-cart Ecommerce Cms: public exploit or PoC linked (SQL Injection)
- 4 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2022-31470
Axigen Mobile Webmail cross-site scripting
- Public exploit or PoC available
- Exploit activity linked
Axigen Mobile Webmail cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
CVE-2023-4548
A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3.
- Public exploit or PoC available
- Exploit activity linked
Spa-cart Ecommerce Cms SQL Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
New critical Jeecg Boot SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploit & PoC activity
A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3.
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/syste...
The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM.
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x befor...
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the modul...
Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.
View critical disclosures
cvelogic
Threat Intelligence