Apr 3, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-25096 Canto

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-24707

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-27972

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper...

CVE-2023-44039 CVSS 9.1

In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker (who can pass enrollment verifications and is al...

CVE-2024-24707 CVSS 9.9

Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL.

CVE-2024-25096 CVSS 10

Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc.

CVE-2024-2692 CVSS 9

SiYuan version 3.0.3 allows executing arbitrary commands on the server.

CVE-2024-27972 CVSS 9.9

Improper Control of Generation of Code ('Code Injection') vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite.This issue affects W...

CVE-2024-30568 CVSS 9.8

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter.

CVE-2024-31380 CVSS 9.9

Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection.

CVE-2024-31390 CVSS 9.9

: Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows : Code Injection.This issue affects...

CVE-2024-3272 CVSS 9.8

D-Link Multiple NAS Devices Use of Hard-Coded Credentials

View critical disclosures

cvelogic Threat Intelligence