Feb 9, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Fortinet FortiOS added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-21762 Fortinet FortiOS Out-of-Bound Write

  • Actively exploited (CISA KEV)
  • CVSS 9.8
  • Listed on CISA KEV

Fortinet FortiOS Out-of-Bounds Write is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-6677 Oduyo Online Collection SQL Injection

  • CVSS 9.8

New critical Oduyo Online Collection SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-25302 Remyandrade Event Student Attendance System SQL Injection

  • CVSS 9.8

New critical Remyandrade Event Student Attendance System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-6677 CVSS 9.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online C...

CVE-2024-25302 CVSS 9.8

Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter.

CVE-2024-25307 CVSS 9.8

Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1."

CVE-2024-25314 CVSS 9.8

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.

CVE-2024-25315 CVSS 9.8

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2.

CVE-2024-25316 CVSS 9.8

Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2.

CVE-2024-25674 CVSS 9.8

An issue was discovered in MISP before 2.4.184.

CVE-2024-25675 CVSS 9.8

An issue was discovered in MISP before 2.4.184.

CVE-2024-25678 CVSS 9.8

In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.

View critical disclosures

cvelogic Threat Intelligence