Sep 25, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Apple Multiple Products: 3 CVEs added to CISA KEV today.
  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-41992 Apple Multiple Products Kernel Privilege Escalation

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Potential privilege escalation to admin/root

Apple Multiple Products Privilege Escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-32653 Accusoft Imagegear RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Accusoft Imagegear RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-35002 Accusoft Imagegear RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Accusoft Imagegear RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Apple Multiple Products Improper Certificate Validation

Apple Multiple Products Kernel Privilege Escalation

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-32653 CVSS 9.8

An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1.

CVE-2023-35002 CVSS 9.8

A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1.

CVE-2023-39453 CVSS 9.8

A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1.

CVE-2023-39640 CVSS 9.8

UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList().

CVE-2023-40163 CVSS 9.8

An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1.

CVE-2023-43141 CVSS 9.8

TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.

CVE-2023-43457 CVSS 9.8

An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/ad...

CVE-2023-4490 CVSS 9.8

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statement, leading to a...

CVE-2023-4521 CVSS 9.8

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE.

View critical disclosures

cvelogic Threat Intelligence