Apr 24, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Cisco Adaptive Security Appliance (ASA) And Firepower Threat Defense (FTD): 2 CVEs added to CISA KEV today.
  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-20353 Cisco ASA and FTD Denial of Service

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Network edge / SD-WAN deployments affected

Cisco Adaptive Security Appliance (ASA) And Firepower Threat Defense (FTD) DoS is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2023-31090 Unlimited-elements Unlimited Elements For Elementor

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-28613 Mayurik Php Task Management System SQL Injection

  • CVSS 9.8

New critical Mayurik Php Task Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-31090 CVSS 9.9

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addon...

CVE-2023-51425 CVSS 9.8

Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation.This issue affects R...

CVE-2023-51472 CVSS 9.8

Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation.This issue affects Checkout Mestre...

CVE-2023-51477 CVSS 9.8

Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs.T...

CVE-2024-28613 CVSS 9.8

SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate privileges and obtain sensitive info...

CVE-2024-32709 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue...

CVE-2024-32836 CVSS 9.1

Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.This issue affects WP-...

CVE-2024-32948 CVSS 9.1

Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28.

CVE-2024-32954 CVSS 9.1

Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4...

View critical disclosures

cvelogic Threat Intelligence