Apr 9, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 3 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-24576 Rust is a programming language.

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-1813 Presstigers Simple Job Board Deserialization

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Presstigers Simple Job Board Deserialization (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-3136 Stylemixthemes Masterstudy Lms

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-45590 CVSS 9.6

An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 t...

CVE-2024-1813 CVSS 9.8

The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserial...

CVE-2024-2804 CVSS 9.8

The Network Summary plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter in all versions up to, and including...

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CVE-2024-3119 CVSS 9

A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP...

CVE-2024-3120 CVSS 9

A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1.

CVE-2024-3136 CVSS 9.8

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'templ...

CVE-2024-31864 CVSS 9.8

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin.

CVE-2024-31866 CVSS 9.8

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.

View critical disclosures

cvelogic Threat Intelligence