Apr 25, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2024-0916
Unauthenticated file upload allows remote code execution.
- CVSS 10
- Remote code execution exposure
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
CVE-2024-32651
changedetection.io is an open source web page change detection, website watcher, restock monitor...
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
CVE-2024-31615
ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php.
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Greenlight is an end-user interface for BigBlueButton servers.
Greenlight is an end-user interface for BigBlueButton servers.
Unauthenticated file upload allows remote code execution.
Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall got...
Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4.
Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code In...
ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php.
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service.
Portainer before 2.20.0 allows redirects when the target is not index.yaml.
An issue was discovered in Zammad before 6.3.0.
View critical disclosures
cvelogic
Threat Intelligence