Mar 29, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-30247 Nextcloudpi Command Injection

  • CVSS 10

New critical Nextcloudpi Command Injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-3094 Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-29202 JumpServer is an open source bastion host and an operation and maintenance security audit system.

  • CVSS 9.9
  • Potential privilege escalation to admin/root

New critical Fit2cloud Jumpserver privilege escalation (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-49231 CVSS 9.8

An authentication bypass vulnerability was found in Stilog Visual Planning 8.

CVE-2023-49232 CVSS 9.8

An authentication bypass vulnerability was found in Stilog Visual Planning 8.

CVE-2024-28288 CVSS 9.8

Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset...

CVE-2024-29202 CVSS 9.9

JumpServer is an open source bastion host and an operation and maintenance security audit system.

CVE-2024-29640 CVSS 9.8

An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid par...

CVE-2024-29667 CVSS 9.8

SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate...

CVE-2024-30247 CVSS 10

NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards.

CVE-2024-30502 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.This issue affects...

CVE-2024-3094 CVSS 10

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.

CVE-2024-31032 CVSS 9.8

An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote attacker to execute arbi...

View critical disclosures

cvelogic Threat Intelligence