Jun 25, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-37843 Craftcms Craft Cms SQL Injection

  • CVSS 9.8

New critical Craftcms Craft Cms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-4883 Progress Whatsup Gold RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Progress Whatsup Gold RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-4884 Progress Whatsup Gold RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Progress Whatsup Gold RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-21741 CVSS 9.8

GigaDevice GD32E103C8T6 devices have Incorrect Access Control.

CVE-2024-35527 CVSS 9.8

An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attacke...

CVE-2024-37843 CVSS 9.8

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.

CVE-2024-4883 CVSS 9.8

In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold.

CVE-2024-4884 CVSS 9.8

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.

CVE-2024-5276 CVSS 9.8

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data.

CVE-2024-5988 CVSS 9.3

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable...

CVE-2024-5989 CVSS 9.3

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the progra...

CVE-2024-6060 CVSS 9.3

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP...

View critical disclosures

cvelogic Threat Intelligence