Sep 11, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Apple IOS, IPadOS, And WatchOS: 2 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-41061 Apple iOS, iPadOS, and watchOS Wallet Code Execution

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Remote code execution exposure

Apple IOS, IPadOS, And WatchOS RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-40622 Sap Businessobjects Business Intelligence

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2023-35681 Google Android RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Google Android RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Apple iOS, iPadOS, and watchOS Wallet Code Execution

Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-35681 CVSS 9.8

In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow.

CVE-2023-39069 CVSS 9.8

An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory auth...

CVE-2023-40150 CVSS 9.8

Softneta MedDream PACS does not perform an authentication check and performs some dangerous functionality, which could result in unauthen...

CVE-2023-40309 CVSS 9.8

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an au...

CVE-2023-40622 CVSS 9.9

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenti...

CVE-2023-40944 CVSS 9.8

Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schoolname from Database at ~\header.php.

CVE-2023-40945 CVSS 9.8

Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php.

CVE-2023-40946 CVSS 9.8

Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php.

CVE-2023-41256 CVSS 9.1

Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable...

CVE-2023-4897 CVSS 9.8

Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.

View critical disclosures

cvelogic Threat Intelligence