Nov 3, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-25960 Zendrop SQL Injection

  • CVSS 10

New critical Zendrop SQL Injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-36529 Favethemes Houzez SQL Injection

  • CVSS 9.9

New critical Favethemes Houzez SQL Injection (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-46404 Utoronto Pcrs RCE

  • CVSS 9.9
  • Remote code execution exposure

New critical Utoronto Pcrs RCE (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-23368 CVSS 9.8

An OS command injection vulnerability has been reported to affect several QNAP operating system versions.

CVE-2023-23369 CVSS 9

An OS command injection vulnerability has been reported to affect several QNAP operating system versions.

CVE-2023-25960 CVSS 10

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop – Global Dropshippi...

CVE-2023-3277 CVSS 9.8

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and includin...

CVE-2023-36529 CVSS 9.9

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate Wor...

CVE-2023-3961 CVSS 9.1

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a priva...

CVE-2023-41355 CVSS 9.8

Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages.

CVE-2023-46404 CVSS 9.9

PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing.

CVE-2023-46846 CVSS 9.3

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response s...

CVE-2023-46980 CVSS 9.8

An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted...

View critical disclosures

cvelogic Threat Intelligence