Oct 17, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-27133 Tsplus Remote Work Privilege Escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Tsplus Remote Work Privilege Escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-41630 Esst Monitoring RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Esst Monitoring RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-45951 Lylme Spage SQL Injection

  • CVSS 9.8

New critical Lylme Spage SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-22069 CVSS 9.8

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

CVE-2023-22072 CVSS 9.8

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

CVE-2023-22089 CVSS 9.8

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

CVE-2023-27132 CVSS 9.8

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web...

CVE-2023-27133 CVSS 9.8

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\w...

CVE-2023-41630 CVSS 9.8

eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component.

CVE-2023-42627 CVSS 9.6

Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay D...

CVE-2023-42628 CVSS 9

Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack...

CVE-2023-45951 CVSS 9.8

lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php.

CVE-2023-45952 CVSS 9.8

An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code vi...

View critical disclosures

cvelogic Threat Intelligence