Mar 26, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft SharePoint Server added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-24955 Microsoft SharePoint Server Code Injection

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Remote code execution exposure

Microsoft SharePoint Server RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-48777 Elementor Website Builder

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-25393 A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2.

  • CVSS 9.8

New critical Rt-thread Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-29386 CVSS 9.1

Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon:...

Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through...

CVE-2023-47842 CVSS 9.1

Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0.

CVE-2023-47846 CVSS 9.1

Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a thr...

CVE-2023-47873 CVSS 9.1

Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme...

CVE-2023-48777 CVSS 9.9

Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Web...

CVE-2024-25393 CVSS 9.8

A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2.

CVE-2024-25421 CVSS 9.8

An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.

CVE-2024-25735 CVSS 9.1

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58.

CVE-2024-28545 CVSS 9.8

Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function.

View critical disclosures

cvelogic Threat Intelligence