Jun 2, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 5 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-36388 MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-20067 In modem, there is a possible out of bounds write due to improper input invalidation.

  • CVSS 9.8

New critical Mediatek Nr16 DoS (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-27776 Milesight Devicehub Path Traversal

  • CVSS 9.8

New critical Milesight Devicehub Path Traversal (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-20067 CVSS 9.8

In modem, there is a possible out of bounds write due to improper input invalidation.

CVE-2024-27776 CVSS 9.8

MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE

CVE-2024-36388 CVSS 10

MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function

CVE-2024-36389 CVSS 9.8

MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass

CVE-2024-36391 CVSS 9.1

MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic

View critical disclosures

cvelogic Threat Intelligence