Home
» Risk & Exploitation
» Daily threat intelligence
» May 24, 2024
May 24, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2024-31510
Openquantumsafe Liboqs privilege escalation
CVSS 9.8
Potential privilege escalation to admin/root
New critical Openquantumsafe Liboqs privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-35339
Tenda Fh1206 Firmware Command Injection
New critical Tenda Fh1206 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-35373
Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.
CVSS 9.8
Remote code execution exposure
New critical Mocodo Online RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflo...
An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in th...
Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac.
Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers...
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which...
An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a c...
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection.
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection.
View critical disclosures
cvelogic
Threat Intelligence