Feb 28, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2023-51801
Oretnom23 Simple Student Attendance System SQL Injection
New critical Oretnom23 Simple Student Attendance System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-23807
Apache Xerces-c++ Use-After-Free
New critical Apache Xerces-c++ Use-After-Free (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-25833
F-logic Datacube3 SQL Injection
New critical F-logic Datacube3 SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c.
SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafte...
An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() fu...
Dataease is an open source data visualization analysis tool.
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external...
Possible path traversal in Apache OFBiz allowing authentication bypass.
Flask-AppBuilder is an application development framework, built on top of Flask.
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction.
F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute ar...
Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and...
cvelogic
Threat Intelligence