Mar 14, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 9bis Kitty: public exploit or PoC linked (RCE)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2023-23333 Contec Solarview Compact Firmware Command Injection

  • Public exploit or PoC available
  • Exploit activity linked

Contec Solarview Compact Firmware Command Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2023-3710 Honeywell Pm43 Firmware Command Injection

  • Public exploit or PoC available
  • Exploit activity linked

Honeywell Pm43 Firmware Command Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2024-25139 Tp-link Omada Er605 Firmware Code Execution

  • CVSS 10
  • Remote code execution exposure

New critical Tp-link Omada Er605 Firmware Code Execution (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2024-23749 Exploit

KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input saniti...

CVE-2024-25003 Exploit

KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds ch...

CVE-2024-25004 Exploit

KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds ch...

CVE-2023-7028 Exploit

GitLab Community and Enterprise Editions Improper Access Control

CVE-2023-5702 Exploit

A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic.

CVE-2023-5222 Exploit

A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0.

CVE-2023-3710 Exploit

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue a...

CVE-2023-23333 Exploit

There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restri...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-42286 CVSS 9.8

There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system...

CVE-2024-0802 CVSS 9.8

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remot...

CVE-2024-0803 CVSS 9.8

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a...

CVE-2024-1915 CVSS 9.8

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remot...

CVE-2024-1916 CVSS 9.8

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a...

CVE-2024-1917 CVSS 9.8

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a...

CVE-2024-25139 CVSS 10

In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based bu...

CVE-2024-26503 CVSS 9.1

Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary cod...

CVE-2024-28383 CVSS 9.8

Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function.

CVE-2024-28423 CVSS 9.8

Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py.

View critical disclosures

cvelogic Threat Intelligence