May 30, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Check Point Quantum Security Gateways added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-1086 Linux Kernel Use-After-Free

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Potential privilege escalation to admin/root

The Linux kernel privilege escalation flaw CVE-2024-1086 is on CISA KEV, with confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2024-35349 A vulnerability has been discovered in Diño Physics School Assistant version 2.3.

  • CVSS 9.8

New critical SQL injection in Dino Physics School Assistant (vendor: Dino Physics School Assistant Project), CVSS 9.8. Fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-35350 A vulnerability has been discovered in Diño Physics School Assistant version 2.3.

  • CVSS 9.8

New critical SQL injection in Dino Physics School Assistant (vendor: Dino Physics School Assistant Project), CVSS 9.8. Fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Check Point Quantum Security Gateways Information Disclosure

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2024-2421 CVSS 9.3

LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and inclu...

CVE-2024-2422 CVSS 9.3

LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and includi...

CVE-2024-3300 CVSS 9

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication r...

CVE-2024-35349 CVSS 9.8

A vulnerability has been discovered in Diño Physics School Assistant version 2.3.

CVE-2024-35350 CVSS 9.8

A vulnerability has been discovered in Diño Physics School Assistant version 2.3.

CVE-2024-35353 CVSS 9.8

A vulnerability has been discovered in Diño Physics School Assistant version 2.3.

CVE-2024-35359 CVSS 9.8

A vulnerability has been discovered in Diño Physics School Assistant version 2.3.

CVE-2024-35469 CVSS 9.8

A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary...

CVE-2024-36031 CVSS 9.8

In the Linux kernel, the following vulnerability has been resolved: "keys: Fix overwrite of key expiration on instantiation". The expiry tim...

CVE-2024-36896 CVSS 9.1

In the Linux kernel, the following vulnerability has been resolved: "USB: core: Fix access violation during port device removal". Testing wi...

cvelogic Threat Intelligence