Feb 13, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Windows: 2 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-21351 Microsoft Windows SmartScreen Security Feature Bypass

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2024-21410 Microsoft Exchange Server Privilege Escalation

  • CVSS 9.8
  • Enterprise mail systems at risk

New critical Microsoft Exchange Server Privilege Escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-21413 Microsoft Outlook Improper Input Validation

  • CVSS 9.8
  • Remote code execution exposure

New critical Microsoft Office Outlook RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Microsoft Windows SmartScreen Security Feature Bypass

Microsoft Windows Internet Shortcut Files Security Feature Bypass

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-1355 CVSS 9.1

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Manageme...

CVE-2024-1359 CVSS 9.1

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Manageme...

CVE-2024-1369 CVSS 9.1

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Manageme...

CVE-2024-1372 CVSS 9.1

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Manageme...

CVE-2024-1374 CVSS 9.1

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Manageme...

CVE-2024-1378 CVSS 9.1

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Manageme...

CVE-2024-21410 CVSS 9.8

Microsoft Exchange Server Privilege Escalation

CVE-2024-24142 CVSS 9.8

Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.

CVE-2024-24691 CVSS 9.6

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an...

View critical disclosures

cvelogic Threat Intelligence