Sep 8, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Spa-cart Ecommerce Cms: public exploit or PoC linked (SQL Injection)
  • 4 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2022-31470 Axigen Mobile Webmail cross-site scripting

  • Public exploit or PoC available
  • Exploit activity linked

Axigen Mobile Webmail cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2023-4548 A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3.

  • Public exploit or PoC available
  • Exploit activity linked

Spa-cart Ecommerce Cms SQL Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2023-42268 Jeecg Boot SQL Injection

  • CVSS 9.8

New critical Jeecg Boot SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2023-4548 Exploit

A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3.

CVE-2023-34723 Exploit

An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/syste...

CVE-2022-4953 Exploit

The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM.

CVE-2022-31470 Exploit

An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x befor...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-39320 CVSS 9.8

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the modul...

CVE-2023-42268 CVSS 9.8

Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.

CVE-2023-42276 CVSS 9.8

hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.

CVE-2023-42277 CVSS 9.8

hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.

View critical disclosures

cvelogic Threat Intelligence