Home
» Risk & Exploitation
» Daily threat intelligence
» Feb 9, 2024
Feb 9, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Fortinet FortiOS added to CISA KEV — confirmed in-the-wild exploitation.
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2024-21762
Fortinet FortiOS Out-of-Bound Write
Actively exploited (CISA KEV)
CVSS 9.8
Listed on CISA KEV
Fortinet FortiOS Out-of-Bounds Write is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2023-6677
Oduyo Online Collection SQL Injection
New critical Oduyo Online Collection SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-25302
Remyandrade Event Student Attendance System SQL Injection
New critical Remyandrade Event Student Attendance System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Fortinet FortiOS Out-of-Bound Write
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online C...
Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter.
Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1."
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2.
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2.
An issue was discovered in MISP before 2.4.184.
An issue was discovered in MISP before 2.4.184.
In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.
View critical disclosures
cvelogic
Threat Intelligence