Mar 1, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-27298 parse-server is a Parse Server for Node.js / Express.

  • CVSS 10

New critical Parseplatform Parse-server SQL Injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-7243 Cisa Icsnpp-ethercat RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Cisa Icsnpp-ethercat RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-7244 Cisa Icsnpp-ethercat RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Cisa Icsnpp-ethercat RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-49543 CVSS 9.8

Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative func...

CVE-2023-7243 CVSS 9.8

Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-b...

CVE-2023-7244 CVSS 9.8

Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-b...

CVE-2024-1624 CVSS 9.4

An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DE...

CVE-2024-21767 CVSS 9.4

A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.

CVE-2024-25091 CVSS 9.1

Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when using 'VirusChecker' or 'ThreatChecker' f...

CVE-2024-25293 CVSS 9.3

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute.

CVE-2024-27298 CVSS 10

parse-server is a Parse Server for Node.js / Express.

CVE-2024-27746 CVSS 9.8

SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to...

CVE-2024-27747 CVSS 9.8

File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to t...

View critical disclosures

cvelogic Threat Intelligence