Feb 20, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-42496 Liferay Digital Experience Platform XSS

  • CVSS 9.6

New critical Liferay Digital Experience Platform XSS (CVSS 9.6) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-42498 Liferay Digital Experience Platform XSS

  • CVSS 9.6

New critical Liferay Digital Experience Platform XSS (CVSS 9.6) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-26269 Liferay Digital Experience Platform XSS

  • CVSS 9.6

New critical Liferay Digital Experience Platform XSS (CVSS 9.6) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and...

CVE-2023-42496 CVSS 9.6

Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Life...

CVE-2023-42498 CVSS 9.6

Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and L...

CVE-2024-1631 CVSS 9.1

Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a...

Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported vers...

Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and...

Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older u...

Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and...

Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and...

CVE-2024-26269 CVSS 9.6

Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP...

View critical disclosures

cvelogic Threat Intelligence