May 24, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-31510 Openquantumsafe Liboqs privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Openquantumsafe Liboqs privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-35339 Tenda Fh1206 Firmware Command Injection

  • CVSS 9.8

New critical Tenda Fh1206 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-35373 Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.

  • CVSS 9.8
  • Remote code execution exposure

New critical Mocodo Online RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-47548 CVSS 9.8

In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflo...

CVE-2024-31510 CVSS 9.8

An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in th...

CVE-2024-35339 CVSS 9.8

Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac.

CVE-2024-35373 CVSS 9.8

Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.

CVE-2024-35374 CVSS 9.8

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers...

CVE-2024-35387 CVSS 9.8

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.

CVE-2024-35396 CVSS 9.8

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which...

CVE-2024-35592 CVSS 9.6

An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a c...

CVE-2024-5314 CVSS 9.1

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection.

CVE-2024-5315 CVSS 9.1

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection.

View critical disclosures

cvelogic Threat Intelligence