Jun 13, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Android Pixel added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-26169 Microsoft Windows Error Reporting Service Improper Privilege Management

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Potential privilege escalation to admin/root

Microsoft Windows privilege escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2024-22441 HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass.

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical HPE Cray Parallel Application Launch Service auth bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-29786 Google Android RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Google Android RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Progress Telerik Report Server Authentication Bypass by Spoofing

Microsoft Windows Error Reporting Service Improper Privilege Management

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2024-0095 CVSS 9

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands...

CVE-2024-22441 CVSS 9.8

HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass.

CVE-2024-29786 CVSS 9.8

In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check.

CVE-2024-31777 CVSS 9.8

File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadg...

CVE-2024-32905 CVSS 9.8

In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check.

CVE-2024-32911 CVSS 9.8

There is a possible escalation of privilege due to improperly used crypto.

CVE-2024-32913 CVSS 9.8

In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow.

CVE-2024-37632 CVSS 9.8

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth.

CVE-2024-37634 CVSS 9.8

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg.

CVE-2024-37635 CVSS 9.8

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg.

cvelogic Threat Intelligence