Mar 20, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Walterjnr1 Employee Management System: public exploit or PoC linked (SQL Injection)
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Active exploit activity
CVE-2023-46022
Code-projects Blood Bank SQL Injection
Public exploit or PoC available
Exploit activity linked
Code-projects Blood Bank SQL Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
CVE-2023-46024
Phpgurukul Teacher Subject Allocation Management System SQL Injection
Public exploit or PoC available
Exploit activity linked
Phpgurukul Teacher Subject Allocation Management System SQL Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2024-2054
Articatech Artica Proxy Code Execution
CVSS 9.8
Remote code execution exposure
New critical Articatech Artica Proxy Code Execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
Exploit & PoC activity
SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter...
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation.
SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' pa...
SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary...
Exploitation dynamics
Nothing flagged in this category for this digest.
New critical disclosures
An issue discovered in Axigen Mail Server 10.3.x before 10.3.1.27 and 10.3.2.x before 10.3.3.1 allows unauthenticated attackers to submit...
Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass.
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently...
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Manageme...
SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted...
An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader...
TOMP Bare Server implements the TompHTTP bare server.
Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated...
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group.
datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster.
cvelogic
Threat Intelligence