Sep 28, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Red Hat JBoss RichFaces Framework added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2018-14667 Red Hat JBoss RichFaces Framework Expression Language Injection

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2023-43654 TorchServe is a tool for serving and scaling PyTorch models in production.

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2023-30415 Oretnom23 Packers And Movers Management System SQL Injection

  • CVSS 9.8

New critical SQL injection in Oretnom23 Packers And Movers Management System (CVSS 9.8): fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Red Hat JBoss RichFaces Framework Expression Language Injection


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2023-30415 CVSS 9.8

Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at...

CVE-2023-43013 CVSS 9.8

Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page,...

CVE-2023-43654 CVSS 10

TorchServe is a tool for serving and scaling PyTorch models in production.

CVE-2023-43739 CVSS 9.8

The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database.

CVE-2023-44163 CVSS 9.8

The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the d...

CVE-2023-44164 CVSS 9.8

The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the dat...

CVE-2023-44166 CVSS 9.8

The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to th...

CVE-2023-5004 CVSS 9.8

Hospital management system version 378c157 allows authentication bypass.

CVE-2023-5053 CVSS 9.8

Hospital management system version 378c157 allows authentication bypass.

CVE-2023-5185 CVSS 9.1

Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page,...


cvelogic Threat Intelligence