May 1, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • GitLab CE/EE added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-7028 GitLab Community and Enterprise Editions Improper Access Control

  • Actively exploited; listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2023-26793 Libmodbus Buffer Overflow

  • CVSS 9.8

New critical Libmodbus Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-47212 Fedoraproject Fedora Buffer Overflow

  • CVSS 9.8

New critical Fedoraproject Fedora Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

GitLab Community and Enterprise Editions Improper Access Control

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2023-26793 CVSS 9.8

libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in the read_io_status function in src/modbus.c.

CVE-2023-46295 CVSS 9.8

An issue was discovered in Teledyne FLIR M300 2.00-19.

CVE-2023-47212 CVSS 9.8

A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c v1.22.

CVE-2023-49606 CVSS 9.8

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0.

CVE-2024-26304 CVSS 9.8

There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execut...

CVE-2024-26305 CVSS 9.8

There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sen...

CVE-2024-33078 CVSS 9.8

Tencent Libpag v4.3 is vulnerable to Buffer Overflow.

CVE-2024-33511 CVSS 9.8

There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code exe...

CVE-2024-33512 CVSS 9.8

There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated...

CVE-2024-4142 CVSS 9

An improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory.

cvelogic Threat Intelligence