Nov 1, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-39281 Insydeh2o RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Insydeh2o RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-44025 Addify Free Gifts SQL Injection

  • CVSS 9.8

New critical Addify Free Gifts SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-45012 Online Bus Booking System Project Online Bus Booking System SQL Injection

  • CVSS 9.8

New critical Online Bus Booking System Project Online Bus Booking System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-39281 CVSS 9.8

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to...

CVE-2023-44025 CVSS 9.8

SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and before allows a remote attacker to execute arbitrary code via a crafted...

CVE-2023-45012 CVSS 9.8

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.

CVE-2023-45015 CVSS 9.8

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.

CVE-2023-45018 CVSS 9.8

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.

CVE-2023-45019 CVSS 9.8

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.

CVE-2023-45111 CVSS 9.8

Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.

CVE-2023-46482 CVSS 9.8

SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality...

CVE-2023-5765 CVSS 9.8

Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an...

CVE-2023-5766 CVSS 9.8

A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute c...

View critical disclosures

cvelogic Threat Intelligence