Apr 30, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft SmartScreen Prompt added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-29988 Microsoft SmartScreen Prompt Security Feature Bypass

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2024-33768 Sammycage Lunasvg

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-33267 SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escala...

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Microsoft SmartScreen Prompt Security Feature Bypass

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2019-19752 CVSS 9.8

nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identificat...

CVE-2019-19753 CVSS 9.1

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes...

CVE-2019-19755 CVSS 9.1

ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identifi...

CVE-2023-49473 CVSS 9.8

Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware version V1.2.0 and software version V2.0.0 build 6245 is vulnerabl...

CVE-2024-33267 CVSS 9.8

SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatew...

CVE-2024-33273 CVSS 9.8

SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function.

CVE-2024-33275 CVSS 9.8

SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super N...

CVE-2024-33308 CVSS 9.1

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the...

CVE-2024-33768 CVSS 9.8

lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over.

CVE-2024-3411 CVSS 9.1

Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker...

View critical disclosures

cvelogic Threat Intelligence