Feb 19, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 42gears Suremdm: public exploit or PoC linked
  • 7 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2023-3897 42gears Suremdm

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Critical exposure

CVE-2024-1597 pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE.

  • CVSS 10

New critical Fedoraproject Fedora SQL injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-1651 Torrentpier version 2.4.1 allows executing arbitrary commands on the server.

  • CVSS 10

New critical Torrentpier Deserialization (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2023-3897 Exploit

Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows deployment allows attacker to enumer...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-50257 CVSS 9.6

eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group.

CVE-2023-6260 CVSS 9

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows O...

CVE-2024-1597 CVSS 10

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE.

CVE-2024-1644 CVSS 9.9

Suite CRM version 7.14.2 allows including local php files.

CVE-2024-1651 CVSS 10

Torrentpier version 2.4.1 allows executing arbitrary commands on the server.

CVE-2024-21896 CVSS 9.8

The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user.

CVE-2024-24722 CVSS 9.1

An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain ele...

View critical disclosures

cvelogic Threat Intelligence