Apr 8, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-31224 GPT Academic provides interactive interfaces for large language models.

  • CVSS 9.8
  • Remote code execution exposure

New critical binary-husky GPT Academic RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-31807 TOTOLINK EX200 Firmware RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical TOTOLINK EX200 Firmware RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-23086 Mikkotommila Apfloat

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2022-43216 CVSS 9.1

AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a SQL injection vulnerability in the login page.

CVE-2023-52538 CVSS 9.1

Vulnerability of package name verification being bypassed in the HwIms module.

CVE-2024-22949 CVSS 9.1

JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation.

CVE-2024-23078 CVSS 9.1

JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::co...

CVE-2024-23086 CVSS 9.8

Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double.

CVE-2024-27488 CVSS 9.8

Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0 allows remote attackers to escalate privileges and obtain...

CVE-2024-31022 CVSS 9.8

An issue discovered in CandyCMS version 1.0.0 allows remote attackers to execute arbitrary code via the install.php component.

CVE-2024-31224 CVSS 9.8

GPT Academic provides interactive interfaces for large language models.

CVE-2024-31807 CVSS 9.8

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in...

CVE-2024-31815 CVSS 9.1

In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSett...

cvelogic Threat Intelligence