Jan 16, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Laravel Framework added to CISA KEV — confirmed in-the-wild exploitation.
  • WordPress plugin RCE/exploit activity: 3 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2018-15133 Laravel Deserialization of Untrusted Data

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Remote code execution exposure

Laravel Framework RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-0224 Givewp SQL Injection

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Givewp SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-3211 Dmparekh Wordpress Database Administrator SQL Injection

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Dmparekh Wordpress Database Administrator SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-1609 CVSS 9.8

The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers...

CVE-2023-0224 CVSS 9.8

The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthentica...

CVE-2023-3211 CVSS 9.8

The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in...

CVE-2023-39691 CVSS 9.8

An issue discovered in kodbox through 1.43 allows attackers to arbitrarily add Administrator accounts via crafted GET request.

CVE-2023-49351 CVSS 9.8

A stack-based buffer overflow vulnerability in /bin/webs binary in Edimax BR6478AC V2 firmware veraion v1.23 allows attackers to overwrit...

CVE-2023-52041 CVSS 9.8

An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the s...

CVE-2023-52042 CVSS 9.8

An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the '...

CVE-2023-52103 CVSS 9.8

Buffer overflow vulnerability in the FLP module.

CVE-2024-22406 CVSS 9.3

Shopware is an open headless commerce platform.

CVE-2024-22916 CVSS 9.8

In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is susceptible to stack overflow.

View critical disclosures

cvelogic Threat Intelligence