Oct 25, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-30967 Palantir Orbital Simulator Path Traversal

  • CVSS 9.8

New critical Palantir Orbital Simulator Path Traversal (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-46421 Totolink X6000r Firmware RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Totolink X6000r Firmware RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-46422 Totolink X6000r Firmware RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Totolink X6000r Firmware RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-30967 CVSS 9.8

Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user t...

CVE-2023-31422 CVSS 9

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error.

CVE-2023-45137 CVSS 9

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

CVE-2023-46133 CVSS 9.1

CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript.

CVE-2023-46233 CVSS 9.1

crypto-js is a JavaScript library of crypto standards.

CVE-2023-46421 CVSS 9.8

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function.

CVE-2023-46422 CVSS 9.8

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function.

CVE-2023-46423 CVSS 9.8

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function.

CVE-2023-46424 CVSS 9.8

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function.

CVE-2023-46584 CVSS 9.8

SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows a remote attacker to escalate privil...

View critical disclosures

cvelogic Threat Intelligence