Feb 1, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-49617 Machinesense Feverwarn Firmware

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2023-48792 Zohocorp Manageengine Adaudit Plus SQL Injection

  • CVSS 9.8

New critical Zohocorp Manageengine Adaudit Plus SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-48793 Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.

  • CVSS 9.8

New critical Zohocorp Manageengine Adaudit Plus SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-46706 CVSS 9.1

Multiple MachineSense devices have credentials unable to be changed by the user or administrator.

CVE-2023-48792 CVSS 9.8

Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.

CVE-2023-48793 CVSS 9.8

Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.

CVE-2023-49617 CVSS 10

The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication.

CVE-2024-21764 CVSS 9.8

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker...

CVE-2024-22320 CVSS 9.8

IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an...

CVE-2024-22533 CVSS 9.8

Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability.

CVE-2024-22901 CVSS 9.8

Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.

CVE-2024-22902 CVSS 9.8

Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.

CVE-2024-23746 CVSS 9.8

Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments...

View critical disclosures

cvelogic Threat Intelligence