Feb 27, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-1403 Progress Openedge Auth Bypass

  • CVSS 10
  • Authentication bypass — unauthenticated access risk

New critical Progress Openedge Auth Bypass (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-25400 Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php.

  • CVSS 9.8

New critical Intelliants Subrion SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-25843 Prestashop Import\/update Bulk Product SQL Injection

  • CVSS 9.8

New critical Prestashop Import\/update Bulk Product SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

A buffer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices.

A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices.

A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices.

CVE-2023-50737 CVSS 9.1

The SE menu contains information used by Lexmark to diagnose device errors.

CVE-2024-1403 CVSS 10

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product,...

CVE-2024-25400 CVSS 9.8

Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php.

CVE-2024-25843 CVSS 9.8

In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop,...

CVE-2024-25846 CVSS 9.1

In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can uploa...

CVE-2024-27099 CVSS 9.8

The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services.

CVE-2024-27905 CVSS 9.1

** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora.

View critical disclosures

cvelogic Threat Intelligence