Jan 9, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-51438 Microchip Maxview Storage Manager

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2023-31446 Cassianetworks Xc1000 Firmware privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Cassianetworks Xc1000 Firmware privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-49237 An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices.

  • CVSS 9.8

New critical Trendnet Tv-ip1314pi Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-3043 CVSS 9.6

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network.

CVE-2023-31446 CVSS 9.8

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized.

CVE-2023-37293 CVSS 9.6

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network.

CVE-2023-49237 CVSS 9.8

An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices.

CVE-2023-49621 CVSS 9.8

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7).

CVE-2023-50585 CVSS 9.8

Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.

CVE-2023-51438 CVSS 10

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC...

CVE-2023-5347 CVSS 9.8

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the who...

CVE-2023-7221 CVSS 9.8

A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923.

CVE-2024-0057 CVSS 9.1

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

View critical disclosures

cvelogic Threat Intelligence