Sep 19, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • MinIO added to CISA KEV — confirmed in-the-wild exploitation.
  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-28434 MinIO Security Feature Bypass

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2023-42793 JetBrains TeamCity Authentication Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical JetBrains TeamCity Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-38888 Dolibarr Erp\/crm cross-site scripting

  • CVSS 9.6

New critical Dolibarr Erp\/crm cross-site scripting (CVSS 9.6) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-47555 CVSS 9.3

Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new us...

CVE-2022-47558 CVSS 9.4

Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials.

CVE-2023-0773 CVSS 9.1

The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface.

CVE-2023-29245 CVSS 9.2

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset I...

CVE-2023-38888 CVSS 9.6

Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and e...

CVE-2023-4088 CVSS 9.3

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicio...

CVE-2023-41387 CVSS 9.1

A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite...

View critical disclosures

cvelogic Threat Intelligence