May 8, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-25529 Ruvaroa SQL Injection

  • CVSS 9.8

New critical Ruvaroa SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-25530 Ruvaroa SQL Injection

  • CVSS 9.8

New critical Ruvaroa SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-25531 Ruvaroa SQL Injection

  • CVSS 9.8

New critical Ruvaroa SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-25527 CVSS 9.4

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_templat...

CVE-2024-25529 CVSS 9.8

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_histor...

CVE-2024-25530 CVSS 9.8

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condic...

CVE-2024-25531 CVSS 9.8

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondictio...

CVE-2024-25532 CVSS 9.8

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx.

CVE-2024-25533 CVSS 9.4

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx).

CVE-2024-31961 CVSS 9.8

A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands...

CVE-2024-32980 CVSS 9.1

Spin is the developer tool for building and running serverless applications powered by WebAssembly.

CVE-2024-34257 CVSS 9.8

TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbit...

View critical disclosures

cvelogic Threat Intelligence