Jun 17, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-37902 DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java.

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2023-37058 Insecure Permissions vulnerability in JLINK Unionman Technology Co.

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Unionman Jlink Ax1800 Firmware privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-34833 Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload.

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2023-37058 CVSS 9.8

Insecure Permissions vulnerability in JLINK Unionman Technology Co.

CVE-2024-34833 CVSS 9.8

Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload.

CVE-2024-36543 CVSS 9.8

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service f...

CVE-2024-36573 CVSS 9.8

almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (...

CVE-2024-36575 CVSS 9.8

A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via global.accessor.

CVE-2024-36580 CVSS 9.8

A Prototype Pollution issue in cdr0 sg 1.0.10 allows an attacker to execute arbitrary code.

CVE-2024-36582 CVSS 9.8

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js)

CVE-2024-37902 CVSS 10

DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java.

CVE-2024-6057 CVSS 9.8

Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker th...


cvelogic Threat Intelligence