Dec 5, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Qualcomm Multiple Chipsets: 4 CVEs added to CISA KEV today.
  • 4 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2022-22071 Qualcomm Multiple Chipsets Use-After-Free

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Qualcomm Multiple Chipsets Use-After-Free is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-6269 Atos Unify Openscape Bcf

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2023-49070 Pre-auth RCE in Apache Ofbiz 18.12.09.

  • CVSS 9.8
  • Remote code execution exposure

New critical Apache Ofbiz RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2023-33106 KEV

Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-48930 CVSS 9.8

xinhu xinhuoa 2.2.1 contains a File upload vulnerability.

CVE-2023-6269 CVSS 10

An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session...

CVE-2023-6448 CVSS 9.8

Unitronics Vision PLC and HMI Insecure Default Password

View critical disclosures

cvelogic Threat Intelligence