May 29, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Justice AV Solutions Viewer added to CISA KEV — confirmed in-the-wild exploitation.
  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 4 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-4978 Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Potential privilege escalation to admin/root

Justice AV Solutions Viewer privilege escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2024-4358 Progress Telerik Report Server Authentication Bypass by Spoofing

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Progress Telerik Report Server Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-5514 MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed pa...

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2024-3050 CVSS 9.1

The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to...

CVE-2024-3412 CVSS 9.1

The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to mis...

CVE-2024-4358 CVSS 9.8

Progress Telerik Report Server Authentication Bypass by Spoofing

CVE-2024-5514 CVSS 9.8

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disable...


cvelogic Threat Intelligence