Jun 29, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 3 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-6265 AyeCode UsersWP SQL Injection

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical AyeCode UsersWP SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

High-risk exposure

CVE-2024-39848 Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in cer...

  • CVSS 9.1
  • Authentication bypass — unauthenticated access risk

New critical-severity CVE in today's window — elevated exposure signal, early in the lifecycle.

High-risk exposure

CVE-2019-25211 parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of...

  • CVSS 9.1

New critical-severity CVE in today's window — elevated exposure signal, early in the lifecycle.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2019-25211 CVSS 9.1

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example....

CVE-2024-39848 CVSS 9.1

Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways.

CVE-2024-6265 CVSS 9.8

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vuln...


cvelogic Threat Intelligence