Mar 3, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Mayurik Petrol Pump Management: public exploit or PoC linked (cross-site scripting)
  • 4 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2024-27743 Mayurik Petrol Pump Management cross-site scripting

  • Public exploit or PoC available
  • Exploit activity linked

Mayurik Petrol Pump Management cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2024-27744 Mayurik Petrol Pump Management cross-site scripting

  • Public exploit or PoC available
  • Exploit activity linked

Mayurik Petrol Pump Management cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2024-20017 In wlan service, there is a possible out of bounds write due to improper input validation.

  • CVSS 9.8
  • Remote code execution exposure

New critical Mediatek Openwrt RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2024-27743 Exploit

Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted pay...

CVE-2024-27744 Exploit

Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted pay...

CVE-2024-27746 Exploit

SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to...

CVE-2024-27747 Exploit

File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to t...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-20017 CVSS 9.8

In wlan service, there is a possible out of bounds write due to improper input validation.

CVE-2024-20018 CVSS 9.8

In wlan driver, there is a possible out of bounds write due to improper input validation.

CVE-2024-24302 CVSS 9.8

An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote a...

CVE-2024-25847 CVSS 9.8

SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop version...

View critical disclosures

cvelogic Threat Intelligence