Jul 24, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-41110 Moby is an open-source project created by Docker for software containerization.

  • CVSS 9.9
  • Potential privilege escalation to admin/root

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-36535 Layer5 Meshery privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Layer5 Meshery privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-36536 Fabedge privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Fabedge privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-36533 CVSS 9.8

Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account...

CVE-2024-36535 CVSS 9.8

Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service accoun...

CVE-2024-36536 CVSS 9.8

Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privileges by obtaining the service account...

CVE-2024-36539 CVSS 9.8

Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service accoun...

CVE-2024-36540 CVSS 9.8

Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the servi...

CVE-2024-41110 CVSS 9.9

Moby is an open-source project created by Docker for software containerization.

CVE-2024-41459 CVSS 9.8

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform...

CVE-2024-41460 CVSS 9.8

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteS...

CVE-2024-41461 CVSS 9.8

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpLis...

CVE-2024-41551 CVSS 9.8

CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= .

View critical disclosures

cvelogic Threat Intelligence