Feb 26, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Wyrestorm Apollo Vx20 Firmware: public exploit or PoC linked
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2024-22318 Ibm I Access Client Solutions

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Active exploit activity

CVE-2024-25734 An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58.

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Critical exposure

CVE-2024-24095 Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection.

  • CVSS 9.8

New critical Code-projects Simple Stock System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2024-25734 Exploit

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58.

CVE-2024-25735 Exploit

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58.

CVE-2024-25736 Exploit

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58.

CVE-2024-22318 Exploit

IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosur...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-41506 CVSS 9.8

An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows att...

CVE-2024-24095 CVSS 9.8

Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection.

CVE-2024-24401 CVSS 9.8

SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monito...

CVE-2024-24402 CVSS 9.8

An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd co...

CVE-2024-25247 CVSS 9.8

SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latit...

CVE-2024-25248 CVSS 9.8

SQL Injection vulnerability in the orderGoodsDelivery() function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via t...

CVE-2024-25751 CVSS 9.8

A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to exec...

CVE-2024-27447 CVSS 9.8

pretix before 2024.1.1 mishandles file validation.

CVE-2024-27455 CVSS 9.1

In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attem...

CVE-2024-27456 CVSS 9.1

rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.

View critical disclosures

cvelogic Threat Intelligence