Home
» Risk & Exploitation
» Daily threat intelligence
» Dec 14, 2023
Dec 14, 2023 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2023-45894
Parallels Remote Application Server RCE
CVSS 10
Remote code execution exposure
New critical Parallels Remote Application Server RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2023-40954
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v.
New critical Gmarczynski Dynamic Progress Bar SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2023-47261
Dokmee Enterprise Content Management RCE
CVSS 9.8
Remote code execution exposure
New critical Dokmee Enterprise Content Management RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) all...
A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v.
The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows...
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an rem...
Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request c...
A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v.
SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-at...
ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type.
EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php.
Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.
View critical disclosures
cvelogic
Threat Intelligence