Feb 12, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Roundcube Webmail added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-43770 Roundcube Webmail Persistent Cross-Site Scripting (XSS)

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Roundcube Webmail XSS is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2024-25100 Wpswings Coupon Referral Program Deserialization

  • CVSS 10

New critical Wpswings Coupon Referral Program Deserialization (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-25108 Pixelfed is an open source photo sharing platform.

  • CVSS 9.9
  • Potential privilege escalation to admin/root

New critical Pixelfed privilege escalation (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Roundcube Webmail Persistent Cross-Site Scripting (XSS)

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-42374 CVSS 9.8

An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via...

CVE-2023-6036 CVSS 9.8

The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login fl...

CVE-2024-22131 CVSS 9.1

In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a re...

CVE-2024-23759 CVSS 9.8

Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelsh...

CVE-2024-23761 CVSS 9.8

Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template.

CVE-2024-23763 CVSS 9.8

SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifi...

CVE-2024-24797 CVSS 9.8

Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Rece...

CVE-2024-25100 CVSS 10

Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection.This issue affects Coupon Re...

CVE-2024-25108 CVSS 9.9

Pixelfed is an open source photo sharing platform.

CVE-2024-25110 CVSS 9.8

The UAMQP is a general purpose C library for AMQP 1.0.

View critical disclosures

cvelogic Threat Intelligence