Nov 27, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 4 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-46349 Myprestamodules Updateproducts SQL Injection

  • CVSS 9.8

New critical Myprestamodules Updateproducts SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-48188 Store-opart Op'art Devis SQL Injection

  • CVSS 9.8

New critical Store-opart Op'art Devis SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-5604 Asgaros Forum RCE

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Asgaros Forum RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2023-46349 CVSS 9.8

In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perf...

CVE-2023-46480 CVSS 9.8

An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost paramete...

CVE-2023-47503 CVSS 9.8

An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component...

CVE-2023-48188 CVSS 9.8

SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a craf...

CVE-2023-49044 CVSS 9.8

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the f...

CVE-2023-4922 CVSS 9.8

The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter.

CVE-2023-5559 CVSS 9.1

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated...

CVE-2023-5604 CVSS 9.8

The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set inse...

CVE-2023-5974 CVSS 9.8

The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.

CVE-2023-6329 CVSS 9.8

An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0.


cvelogic Threat Intelligence