Apr 18, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-30922 Derbynet SQL Injection

  • CVSS 9.8

New critical Derbynet SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-30923 Derbynet SQL Injection

  • CVSS 9.8

New critical Derbynet SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-30938 Sem-cms Semcms SQL Injection

  • CVSS 9.8

New critical Sem-cms Semcms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-22061 CVSS 9.8

A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to...

CVE-2024-24996 CVSS 9.8

A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker t...

CVE-2024-2796 CVSS 9.3

A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3.

Judge0 is an open-source online code execution system.

CVE-2024-29204 CVSS 9.8

A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker t...

CVE-2024-30564 CVSS 9.8

An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a craft...

CVE-2024-30922 CVSS 9.8

SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Re...

CVE-2024-30923 CVSS 9.8

SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer D...

CVE-2024-30938 CVSS 9.8

SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_U...

CVE-2024-31750 CVSS 9.8

SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.

View critical disclosures

cvelogic Threat Intelligence