Apr 25, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-0916 Unauthenticated file upload allows remote code execution.

  • CVSS 10
  • Remote code execution exposure

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-32651 changedetection.io is an open source web page change detection, website watcher, restock monitor...

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-31615 ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php.

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-36028 CVSS 9.1

Greenlight is an end-user interface for BigBlueButton servers.

CVE-2022-36029 CVSS 9.1

Greenlight is an end-user interface for BigBlueButton servers.

CVE-2024-0916 CVSS 10

Unauthenticated file upload allows remote code execution.

Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall got...

CVE-2024-30560 CVSS 9.6

Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4.

CVE-2024-31266 CVSS 9.1

Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code In...

CVE-2024-31615 CVSS 9.8

ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php.

CVE-2024-32651 CVSS 10

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service.

CVE-2024-33661 CVSS 9.1

Portainer before 2.20.0 allows redirects when the target is not index.yaml.

CVE-2024-33668 CVSS 9.1

An issue was discovered in Zammad before 6.3.0.

View critical disclosures

cvelogic Threat Intelligence