Feb 8, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-24830 Openobserve privilege escalation

  • CVSS 9.9
  • Potential privilege escalation to admin/root

New critical Openobserve privilege escalation (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-40266 Mitel Unify Openscape Xpressions Webassistant Path Traversal

  • CVSS 9.8

New critical Mitel Unify Openscape Xpressions Webassistant Path Traversal (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-47132 N-able N-central privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical N-able N-central privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-40266 CVSS 9.8

An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911.

CVE-2023-46687 CVSS 9.8

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary command...

CVE-2023-47132 CVSS 9.8

An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.

CVE-2024-22836 CVSS 9.8

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier.

CVE-2024-24393 CVSS 9.8

File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request.

CVE-2024-24495 CVSS 9.8

SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via cra...

CVE-2024-24496 CVSS 9.8

An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.p...

CVE-2024-24830 CVSS 9.9

OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale.

CVE-2024-25106 CVSS 9.1

OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale.

View critical disclosures

cvelogic Threat Intelligence