Oct 26, 2023 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- Roundcube Webmail added to CISA KEV — confirmed in-the-wild exploitation.
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2023-5631
Roundcube Webmail Persistent Cross-Site Scripting (XSS)
- Actively exploited (CISA KEV)
- Listed on CISA KEV
Roundcube Webmail XSS is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2018-17558
Abus Tvip 10000 Firmware Command Injection
New critical Abus Tvip 10000 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2018-17878
Abus Tvip 10000 Firmware Buffer Overflow
New critical Abus Tvip 10000 Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Roundcube Webmail Persistent Cross-Site Scripting (XSS)
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6...
Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to spr...
An issue was discovered on certain ABUS TVIP cameras.
An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.
SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive in...
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.
Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and g...
F5 BIG-IP Configuration Utility Authentication Bypass
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain f...
View critical disclosures
cvelogic
Threat Intelligence