Jan 4, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2023-50864
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
New critical Kashipara Travel Website SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2023-50865
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
New critical Kashipara Travel Website SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2023-50866
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
New critical Kashipara Travel Website SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.
Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetCont...
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability.
handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execu...
route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote cod...
Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mish...
View critical disclosures
cvelogic
Threat Intelligence