Jan 4, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-50864 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.

  • CVSS 9.8

New critical Kashipara Travel Website SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-50865 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.

  • CVSS 9.8

New critical Kashipara Travel Website SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-50866 Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.

  • CVSS 9.8

New critical Kashipara Travel Website SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2023-50864 CVSS 9.8

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.

CVE-2023-50865 CVSS 9.8

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.

CVE-2023-50866 CVSS 9.8

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.

CVE-2023-50867 CVSS 9.8

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.

CVE-2023-51154 CVSS 9.8

Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.

CVE-2023-51812 CVSS 9.8

Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetCont...

CVE-2024-22051 CVSS 9.8

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability.

CVE-2024-22086 CVSS 9.8

handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execu...

CVE-2024-22087 CVSS 9.8

route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote cod...

CVE-2024-22088 CVSS 9.8

Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mish...

cvelogic Threat Intelligence