Feb 28, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-51801 Oretnom23 Simple Student Attendance System SQL Injection

  • CVSS 9.8

New critical Oretnom23 Simple Student Attendance System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-23807 Apache Xerces-c++ Use-After-Free

  • CVSS 9.8

New critical Apache Xerces-c++ Use-After-Free (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-25833 F-logic Datacube3 SQL Injection

  • CVSS 9.8

New critical F-logic Datacube3 SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2023-51773 CVSS 9.1

BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c.

CVE-2023-51801 CVSS 9.8

SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafte...

CVE-2024-23052 CVSS 9.8

An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() fu...

CVE-2024-23328 CVSS 9.1

Dataease is an open source data visualization analysis tool.

CVE-2024-23807 CVSS 9.8

The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external...

CVE-2024-25065 CVSS 9.1

Possible path traversal in Apache OFBiz allowing authentication bypass.

CVE-2024-25128 CVSS 9.1

Flask-AppBuilder is an application development framework, built on top of Flask.

CVE-2024-25830 CVSS 9.8

F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction.

CVE-2024-25833 CVSS 9.8

F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute ar...

CVE-2024-27516 CVSS 9.8

Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and...

cvelogic Threat Intelligence