Jun 19, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-34990 In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 fro...

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-36679 In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can pe...

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-36678 Promokit Pk Themesettings SQL Injection

  • CVSS 9.8

New critical Promokit Pk Themesettings SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-39312 CVSS 9.1

Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1.

CVE-2024-33836 CVSS 9.8

In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extension...

CVE-2024-34990 CVSS 10

In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer...

CVE-2024-34994 CVSS 9.8

In the module "Channable" (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can perform SQL injection via `Channable...

CVE-2024-36678 CVSS 9.8

In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection.

CVE-2024-36679 CVSS 10

In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection.

CVE-2024-36684 CVSS 9.8

In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection.

CVE-2024-37124 CVSS 9.8

Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client.

CVE-2024-38541 CVSS 9.8

In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias...

CVE-2024-38612 CVSS 9.8

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_in...

View critical disclosures

cvelogic Threat Intelligence