Apr 12, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Palo Alto Networks PAN-OS added to CISA KEV — confirmed in-the-wild exploitation.
  • Ray Project Ray: public exploit or PoC linked (Command Injection)
  • 7 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-3400 Palo Alto Networks PAN-OS Command Injection

  • Actively exploited (CISA KEV)
  • CVSS 10
  • Listed on CISA KEV

Palo Alto Networks PAN-OS Command Injection is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Active exploit activity

CVE-2023-6019 Ray Project Ray Command Injection

  • Public exploit or PoC available
  • Exploit activity linked

Ray Project Ray Command Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2023-51409 Meowapps Ai Engine

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2024-3400 KEV CVSS 10

Palo Alto Networks PAN-OS Command Injection

View KEV additions

Exploit & PoC activity

CVE-2024-31777 Exploit

File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadg...

CVE-2024-31804 Exploit

An unquoted service path vulnerability in Terratec DMX_6Fire USB v.1.23.0.02 allows a local attacker to escalate privileges via the Progr...

CVE-2023-6019 Exploit

A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray da...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-51409 CVSS 10

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: Chat...

CVE-2024-28718 CVSS 9.8

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py.

CVE-2024-28878 CVSS 9.6

IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying t...

CVE-2024-30407 CVSS 9.2

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing...

CVE-2024-31818 CVSS 9.8

Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kios...

CVE-2024-3704 CVSS 9.8

SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto).

View critical disclosures

cvelogic Threat Intelligence