Feb 16, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 3 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-25320 Tongda2000 Office Anywhere SQL Injection

  • CVSS 9.8

New critical Tongda2000 Office Anywhere SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-24377 Idocview

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

High-risk exposure

CVE-2024-21915 Rockwellautomation Factorytalk Services Platform Privilege Escalation

  • CVSS 9
  • Potential privilege escalation to admin/root

New high-severity Rockwellautomation Factorytalk Services Platform Privilege Escalation — watch for exploit drops and scanner noise in the first 72 hours after disclosure.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP).

CVE-2024-24377 CVSS 9.8

An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted scr...

CVE-2024-25320 CVSS 9.8

Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php.

View critical disclosures

cvelogic Threat Intelligence