Dec 28, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 7 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-7163 Dlink D-view 8 DoS

  • CVSS 10

New critical Dlink D-view 8 DoS (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-4671 Talentyazilim Ecop SQL Injection

  • CVSS 9.8

New critical Talentyazilim Ecop SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-50104 Zzcms privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Zzcms privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-4671 CVSS 9.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talent Software ECOP allows Command...

CVE-2023-50104 CVSS 9.8

ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server pri...

CVE-2023-50839 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best He...

CVE-2023-51434 CVSS 9.3

Some Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution.

CVE-2023-52173 CVSS 9.8

XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0.

CVE-2023-52174 CVSS 9.8

XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6.

CVE-2023-7163 CVSS 10

A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-Vi...

View critical disclosures

cvelogic Threat Intelligence