Nov 17, 2023 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2023-41101
An issue was discovered in the captive portal in OpenNDS before version 10.1.3.
New critical Opennds Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
- CVSS 9.8
- Remote code execution exposure
New critical Adobe Coldfusion RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
- CVSS 9.8
- Remote code execution exposure
New critical Adobe Coldfusion RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
An issue was discovered in OpenNDS Captive Portal before version 10.1.2.
An issue was discovered in the captive portal in OpenNDS before version 10.1.3.
CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes.
Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result i...
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerabili...
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerabili...
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerabili...
Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remot...
kodbox 1.46.01 has a security flaw that enables user enumeration.
An issue was discovered in MISP before 2.4.176.
View critical disclosures
cvelogic
Threat Intelligence