Dec 25, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 6 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-34268 An issue was discovered in RWS WorldServer before 11.7.3.

  • CVSS 9.8

New critical Rws Worldserver unsafe deserialization (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-49954 3cx SQL Injection

  • CVSS 9.8

New critical 3cx SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-51771 Starnight Micro Http Server Buffer Overflow

  • CVSS 9.8

New critical Starnight Micro Http Server Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-34267 CVSS 9.8

An issue was discovered in RWS WorldServer before 11.7.3.

CVE-2022-34268 CVSS 9.8

An issue was discovered in RWS WorldServer before 11.7.3.

CVE-2023-31224 CVSS 9.8

There is broken access control during authentication in Jamf Pro Server before 10.46.1.

CVE-2023-48654 CVSS 9.8

One Identity Password Manager before 5.13.1 allows Kiosk Escape.

CVE-2023-49954 CVSS 9.8

The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email addr...

CVE-2023-51771 CVSS 9.8

In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/server.c allows a one-byte recv buffer overflow via a lon...

View critical disclosures

cvelogic Threat Intelligence