Nov 17, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-41101 An issue was discovered in the captive portal in OpenNDS before version 10.1.3.

  • CVSS 9.8

New critical Opennds Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-44350 Adobe Coldfusion RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Adobe Coldfusion RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-44351 Adobe Coldfusion RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Adobe Coldfusion RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-38316 CVSS 9.8

An issue was discovered in OpenNDS Captive Portal before version 10.1.2.

CVE-2023-41101 CVSS 9.8

An issue was discovered in the captive portal in OpenNDS before version 10.1.3.

CVE-2023-43177 CVSS 9.8

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.

CVE-2023-44324 CVSS 9.8

Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result i...

CVE-2023-44350 CVSS 9.8

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerabili...

CVE-2023-44351 CVSS 9.8

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerabili...

CVE-2023-44353 CVSS 9.8

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerabili...

CVE-2023-47797 CVSS 9.6

Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remot...

CVE-2023-48028 CVSS 9.8

kodbox 1.46.01 has a security flaw that enables user enumeration.

CVE-2023-48659 CVSS 9.8

An issue was discovered in MISP before 2.4.176.

View critical disclosures

cvelogic Threat Intelligence