Jul 9, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Windows: 2 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-38080 Microsoft Windows Hyper-V Privilege Escalation

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Potential privilege escalation to admin/root

Microsoft Windows Privilege Escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2024-37870 Itsourcecode Learning Management System SQL Injection

  • CVSS 9.8

New critical Itsourcecode Learning Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-37873 Itsourcecode Payroll Management System Project In Php With Source Code SQL Injection

  • CVSS 9.8

New critical Itsourcecode Payroll Management System Project In Php With Source Code SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-48194 CVSS 9.8

Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0.

CVE-2024-36526 CVSS 9.8

ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key.

CVE-2024-37870 CVSS 9.8

SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to exe...

CVE-2024-37873 CVSS 9.8

SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remo...

CVE-2024-38074 CVSS 9.8

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVE-2024-38076 CVSS 9.8

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVE-2024-38077 CVSS 9.8

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVE-2024-38089 CVSS 9.1

Microsoft Defender for IoT Elevation of Privilege Vulnerability

CVE-2024-39071 CVSS 9.8

Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php.

CVE-2024-39171 CVSS 9.8

Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via wri...

View critical disclosures

cvelogic Threat Intelligence