Dec 11, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Unitronics Vision PLC And HMI added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-6448 Unitronics Vision PLC and HMI Insecure Default Password

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2023-48425 U-Boot vulnerability resulting in persistent Code Execution

  • CVSS 9.8
  • Remote code execution exposure

New critical Google Chromecast Firmware Code Execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-6181 An oversight in BCB handling of reboot reason that allows for persistent code execution

  • CVSS 9.8
  • Remote code execution exposure

New critical Google Chromecast Firmware Code Execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Unitronics Vision PLC and HMI Insecure Default Password

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-36649 CVSS 9.1

Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to...

CVE-2023-48425 CVSS 9.8

U-Boot vulnerability resulting in persistent Code Execution

CVE-2023-49417 CVSS 9.8

TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg.

CVE-2023-49418 CVSS 9.8

TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules.

CVE-2023-49583 CVSS 9.1

SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of p...

CVE-2023-50245 CVSS 9.8

OpenEXR-viewer is a viewer for OpenEXR files with detailed metadata probing.

CVE-2023-50422 CVSS 9.1

SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions f...

CVE-2023-50423 CVSS 9.1

SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of pr...

CVE-2023-50424 CVSS 9.1

SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain...

CVE-2023-6181 CVSS 9.8

An oversight in BCB handling of reboot reason that allows for persistent code execution

View critical disclosures

cvelogic Threat Intelligence