Dec 14, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-45894 Parallels Remote Application Server RCE

  • CVSS 10
  • Remote code execution exposure

New critical Parallels Remote Application Server RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-40954 A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v.

  • CVSS 9.8

New critical Gmarczynski Dynamic Progress Bar SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-47261 Dokmee Enterprise Content Management RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Dokmee Enterprise Content Management RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-0757 CVSS 9.8

Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) all...

CVE-2023-40954 CVSS 9.8

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v.

CVE-2023-45894 CVSS 10

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows...

CVE-2023-46141 CVSS 9.8

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an rem...

CVE-2023-47261 CVSS 9.8

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request c...

CVE-2023-48049 CVSS 9.8

A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v.

CVE-2023-48050 CVSS 9.8

SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-at...

CVE-2023-48371 CVSS 9.8

ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type.

CVE-2023-50073 CVSS 9.8

EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php.

CVE-2023-50563 CVSS 9.8

Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.

View critical disclosures

cvelogic Threat Intelligence