NVD disclosure day

Published threat advisories for October 27, 2023

CVE-2023-46604

Apache ActiveMQ Remote Code Execution Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in the Java OpenWire protocol marshaller allows remote attackers to execute arbitrary shell commands on affected systems. This could lead to the compromise of business systems and data. Organizations should identify and update vulnerable Apache ActiveMQ instances promptly to mitigate this risk.

NVD published: October 27, 2023 • CISA KEV

CVE advisoryCRITICAL

CVE-2023-5807

Attacker can steal or change customer data from TRtek Education Portal

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical flaw in TRtek Education Portal lets attackers steal or change sensitive student and administrative data remotely, with no login needed. Update immediately.

NVD published: October 27, 2023