Jun 21, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-36532 Insecure permissions in kruise v1.6.2 allow attackers to access sensitive data and escalate priv...

  • CVSS 10
  • Potential privilege escalation to admin/root

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2023-38389 Artbees Jupiter X Core privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Artbees Jupiter X Core privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-6027 Themify Product Filter SQL Injection

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Themify Product Filter SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2012-6664 CVSS 9.1

Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to r...

CVE-2014-5470 CVSS 9.8

Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input d...

CVE-2020-27352 CVSS 9.3

When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a resul...

CVE-2023-38389 CVSS 9.8

Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs. This issue...

CVE-2023-45197 CVSS 9.2

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer...

CVE-2024-34989 CVSS 9.8

In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via `PrestaP...

CVE-2024-35767 CVSS 9.1

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection. This issue affects Squee...

CVE-2024-36532 CVSS 10

Insecure permissions in kruise v1.6.2 allow attackers to access sensitive data and escalate privileges by obtaining the service account'...

CVE-2024-38623 CVSS 9.8

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix...

CVE-2024-6027 CVSS 9.8

The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the ‘conditions’ parameter in...

cvelogic Threat Intelligence