4 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2024-4978: Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code
Actively exploited (CISA KEV)
Listed on CISA KEV
Potential privilege escalation to admin/root
Justice AV Solutions Viewer privilege escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2024-4358: Progress Telerik Report Server Authentication Bypass by Spoofing
New critical Progress Telerik Report Server Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-5514: MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed pa...
CVSS 9.8
New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.