Jul 29, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

ServiceNow Utah, Vancouver, And Washington DC Now Platform: 2 CVEs added to CISA KEV today.
8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-45249 Acronis Cyber Infrastructure (ACI) Insecure Default Password

Actively exploited (CISA KEV)
Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2024-37906 Admidio is a free, open source user management system for websites of organizations and groups.

CVSS 9.9

New critical Admidio SQL Injection (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-37858 Oretnom23 Lost And Found Information System SQL Injection

CVSS 9.8

New critical Oretnom23 Lost And Found Information System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2023-45249 KEV

Acronis Cyber Infrastructure (ACI) Insecure Default Password

CVE-2024-4879 KEV

ServiceNow Improper Input Validation

CVE-2024-5217 KEV

ServiceNow Incomplete List of Disallowed Inputs

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-28805 CVSS 9.1

An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215.

CVE-2024-37858 CVSS 9.8

SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter...

CVE-2024-37906 CVSS 9.9

Admidio is a free, open source user management system for websites of organizations and groups.

CVE-2024-38529 CVSS 9

Admidio is a free, open source user management system for websites of organizations and groups.

CVE-2024-5670 CVSS 9.8

The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthen...

CVE-2024-6366 CVSS 9.1

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload medi...

CVE-2024-7201 CVSS 9.8

The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated...

CVE-2024-7202 CVSS 9.8

The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated...

View critical disclosures

cvelogic Threat Intelligence