Home
» Risk & Exploitation
» Daily threat intelligence
» Dec 21, 2023
Dec 21, 2023 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
QNAP VioStor NVR added to CISA KEV — confirmed in-the-wild exploitation.
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2023-47565
QNAP VioStor NVR OS Command Injection
Actively exploited (CISA KEV)
Listed on CISA KEV
QNAP VioStor NVR Command Injection is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
New critical Filerun SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2023-48716
Projectworlds Student Result Management System SQL Injection
New critical Projectworlds Student Result Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
QNAP VioStor NVR OS Command Injection
FXC AE1021, AE1021PE OS Command Injection
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users§ion=cpanel&page=list request.
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets.
View critical disclosures
cvelogic
Threat Intelligence