Jun 26, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Linux Kernel added to CISA KEV — confirmed in-the-wild exploitation.
  • Solarwinds Platform: public exploit or PoC linked
  • 6 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2020-13965 Roundcube Webmail Cross-Site Scripting (XSS)

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Roundcube Webmail XSS is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Active exploit activity

CVE-2024-28999 Solarwinds Platform

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Critical exposure

CVE-2024-1839 Intrado 911 Emergency Gateway Firmware SQL Injection

  • CVSS 10

New critical Intrado 911 Emergency Gateway Firmware SQL Injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

CVE-2024-28999 Exploit

The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-1839 CVSS 10

Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL injection, which may allow an unauthent...

CVE-2024-37252 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newslet...

CVE-2024-37734 CVSS 9.8

An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter.

CVE-2024-39243 CVSS 9.8

An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor...

CVE-2024-4228 CVSS 9.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an...

CVE-2024-5655 CVSS 9.6

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, a...

View critical disclosures

cvelogic Threat Intelligence