Apr 5, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-22004 Google Nest Wifi Point Firmware privilege escalation

  • CVSS 10
  • Potential privilege escalation to admin/root

New critical Google Nest Wifi Point Firmware privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-48426 u-boot bug that allows for u-boot shell and interrupt over UART

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-29756 In afe_callback of q6afe.c, there is a possible out of bounds write due to a buffer overflow.

  • CVSS 9.8

New critical Google Android Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-48426 CVSS 10

u-boot bug that allows for u-boot shell and interrupt over UART

CVE-2024-22004 CVSS 10

Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the sec...

CVE-2024-27448 CVSS 9.1

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver....

CVE-2024-29756 CVSS 9.8

In afe_callback of q6afe.c, there is a possible out of bounds write due to a buffer overflow.

CVE-2024-30849 CVSS 9.8

Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code vi...

CVE-2024-31218 CVSS 9.8

Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites.

CVE-2024-31848 CVSS 9.8

A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, w...

CVE-2024-31849 CVSS 9.8

A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, whic...

View critical disclosures

cvelogic Threat Intelligence