Mar 20, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Walterjnr1 Employee Management System: public exploit or PoC linked (SQL Injection)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2023-46022 Code-projects Blood Bank SQL Injection

  • Public exploit or PoC available
  • Exploit activity linked

Code-projects Blood Bank SQL Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2023-46024 Phpgurukul Teacher Subject Allocation Management System SQL Injection

  • Public exploit or PoC available
  • Exploit activity linked

Phpgurukul Teacher Subject Allocation Management System SQL Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2024-2054 Articatech Artica Proxy Code Execution

  • CVSS 9.8
  • Remote code execution exposure

New critical Articatech Artica Proxy Code Execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

CVE-2024-28595 Exploit

SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter...

CVE-2023-6538 Exploit

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation.

CVE-2023-46022 Exploit

SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' pa...

CVE-2023-46024 Exploit

SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary...

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2020-26942 CVSS 9.1

An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit...

CVE-2024-1202 CVSS 9.8

Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass.

CVE-2024-2054 CVSS 9.8

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently...

CVE-2024-2443 CVSS 9.1

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Manageme...

CVE-2024-25239 CVSS 9.8

SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted...

CVE-2024-25294 CVSS 9.1

An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader...

CVE-2024-27922 CVSS 9.8

TOMP Bare Server implements the TompHTTP bare server.

Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated...

CVE-2024-28231 CVSS 9.6

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group.

CVE-2024-29037 CVSS 9.1

datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster.

cvelogic Threat Intelligence