May 28, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Google Chromium V8 added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-5274 Google Chromium V8 Type Confusion

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2024-35344 Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device.

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2023-43845 Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account.

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Aten PE6208 firmware privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2023-43845 CVSS 9.8

Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account.

CVE-2024-33806 CVSS 9.8

A SQL injection vulnerability in /model/get_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to...

CVE-2024-33808 CVSS 9.8

A SQL injection vulnerability in /model/get_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker...

CVE-2024-34854 CVSS 9.8

F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php`.

CVE-2024-35324 CVSS 9.8

Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php.

CVE-2024-35343 CVSS 9.8

Certain Anpviz products allow unauthenticated users to download arbitrary files from the device's filesystem via an HTTP GET request to th...

CVE-2024-35344 CVSS 9.9

Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device.

CVE-2024-35510 CVSS 9.8

An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code vi...

CVE-2024-35563 CVSS 9.8

CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPe...

CVE-2024-5150 CVSS 9.8

The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26.

cvelogic Threat Intelligence