Jun 11, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-2013 Hitachienergy Foxman-un Auth Bypass

  • CVSS 10
  • Authentication bypass — unauthenticated access risk

New critical Hitachienergy Foxman-un Auth Bypass (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-30080 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

  • CVSS 9.8
  • Remote code execution exposure

New critical Microsoft Windows 10 1507 RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-5695 Mozilla Firefox Memory Corruption

  • CVSS 9.8

New critical Mozilla Firefox Memory Corruption (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-2012 CVSS 9.1

vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or c...

CVE-2024-2013 CVSS 10

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers wit...

CVE-2024-30080 CVSS 9.8

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVE-2024-34405 CVSS 9.1

Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary U...

An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to pote...

CVE-2024-35225 CVSS 9.6

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web acces...

CVE-2024-4315 CVSS 9.1

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization.

CVE-2024-5695 CVSS 9.8

If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have bee...

CVE-2024-5699 CVSS 9.8

In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should...

CVE-2024-5701 CVSS 9.8

Memory safety bugs present in Firefox 126.

View critical disclosures

cvelogic Threat Intelligence