Sep 15, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-4994 Hitreach Allow Php In Posts And Pages RCE

  • CVSS 9.9
  • Internet-facing CMS deployments affected

New critical Hitreach Allow Php In Posts And Pages RCE (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-28614 Freewillsolutions Smart Trade Command Injection

  • CVSS 9.8

New critical Freewillsolutions Smart Trade Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-41887 OpenRefine is a powerful free, open source tool for working with messy data.

  • CVSS 9.8
  • Remote code execution exposure

New critical Openrefine RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-28614 CVSS 9.8

Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page.

CVE-2023-36735 CVSS 9.6

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Admin...

CVE-2023-41887 CVSS 9.8

OpenRefine is a powerful free, open source tool for working with messy data.

CVE-2023-42336 CVSS 9.8

An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via t...

CVE-2023-42398 CVSS 9.8

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in...

CVE-2023-4662 CVSS 9.8

Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.

CVE-2023-4833 CVSS 9.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software...

CVE-2023-4835 CVSS 9.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software...

CVE-2023-4994 CVSS 9.9

The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via...

View critical disclosures

cvelogic Threat Intelligence