Feb 6, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

Google Chromium V8 added to CISA KEV — confirmed in-the-wild exploitation.
10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-4762 Google Chromium V8 Type Confusion

Actively exploited (CISA KEV)
Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2024-24594 Clearml XSS

CVSS 9.9

New critical Clearml XSS (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-23917 In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible

CVSS 9.8
Authentication bypass — unauthenticated access risk

New critical Jetbrains Teamcity Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2023-4762 KEV

Google Chromium V8 Type Confusion

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-33072 CVSS 9.3

Memory corruption in Core while processing control functions.

CVE-2024-22853 CVSS 9.8

D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtai...

CVE-2024-23917 CVSS 9.8

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible

CVE-2024-24000 CVSS 9.8

jshERP v3.3 is vulnerable to Arbitrary File Upload.

CVE-2024-24013 CVSS 9.8

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions.

CVE-2024-24015 CVSS 9.8

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions.

CVE-2024-24592 CVSS 9.8

Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrari...

CVE-2024-24593 CVSS 9.6

A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platfo...

CVE-2024-24594 CVSS 9.9

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote a...

CVE-2024-25140 CVSS 9.8

A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with En...

View critical disclosures

cvelogic Threat Intelligence