Dec 8, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 5 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-48423 Google Android RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Google Android RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-48929 Franklin Electric System Sentinel AnyWare privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Franklin Electric System Sentinel AnyWare privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-49007 Netgear RBR750 Firmware Buffer Overflow

  • CVSS 9.8

New critical Netgear RBR750 Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2023-46498 CVSS 9.8

An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code...

CVE-2023-48423 CVSS 9.8

In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check.

CVE-2023-48929 CVSS 9.8

Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation.

CVE-2023-49007 CVSS 9.8

In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd.

CVE-2023-49443 CVSS 9.8

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords.

cvelogic Threat Intelligence