Jun 11, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2024-2013
Hitachienergy Foxman-un Auth Bypass
- CVSS 10
- Authentication bypass — unauthenticated access risk
New critical Hitachienergy Foxman-un Auth Bypass (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-30080
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- CVSS 9.8
- Remote code execution exposure
New critical Microsoft Windows 10 1507 RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-5695
Mozilla Firefox Memory Corruption
New critical Mozilla Firefox Memory Corruption (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or c...
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers wit...
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary U...
An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to pote...
Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web acces...
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization.
If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have bee...
In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should...
Memory safety bugs present in Firefox 126.
View critical disclosures
cvelogic
Threat Intelligence