Jan 2, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Spreadsheet::ParseExcel added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-7024 Google Chromium WebRTC Heap Buffer Overflow

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Google Chromium WebRTC Buffer Overflow is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-48418 Google Pixel Watch Firmware privilege escalation

  • CVSS 10
  • Potential privilege escalation to admin/root

New critical Google Pixel Watch Firmware privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-48419 Google Home Firmware privilege escalation

  • CVSS 10
  • Potential privilege escalation to admin/root

New critical Google Home Firmware privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Spreadsheet::ParseExcel Remote Code Execution

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-33025 CVSS 9.8

Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call.

CVE-2023-33030 CVSS 9.3

Memory corruption in HLOS while running playready use-case.

CVE-2023-33032 CVSS 9.3

Memory corruption in TZ Secure OS while requesting a memory allocation from TA region.

CVE-2023-4280 CVSS 9.3

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the tru...

CVE-2023-47458 CVSS 9.8

An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.

CVE-2023-48418 CVSS 10

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure...

CVE-2023-48419 CVSS 10

An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege

CVE-2023-6339 CVSS 10

Google Nest WiFi Pro root code-execution & user-data compromise

CVE-2023-6436 CVSS 9.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template a...

CVE-2024-21623 CVSS 9.8

OTCLient is an alternative tibia client for otserv.

View critical disclosures

cvelogic Threat Intelligence