Jun 8, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 2 material risk changes today across KEV, exploits, critical disclosures, and EPSS movers.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-4146 Lunary privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Lunary privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

High-risk exposure

CVE-2024-37407 Libarchive Out-of-Bounds Write

  • CVSS 9.1

New high-severity Libarchive Out-of-Bounds Write — watch for exploit drops and scanner noise in the first 72 hours after disclosure.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-37407 CVSS 9.1

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled.

CVE-2024-4146 CVSS 9.8

In lunary-ai/lunary version v1.2.13, an incorrect authorization vulnerability exists that allows unauthorized users to access and manipul...

View critical disclosures

cvelogic Threat Intelligence