Jul 30, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- VMware ESXi added to CISA KEV — confirmed in-the-wild exploitation.
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2024-37085
VMware ESXi Authentication Bypass
- Actively exploited (CISA KEV)
- Listed on CISA KEV
- Authentication bypass — unauthenticated access risk
VMware ESXi Auth Bypass is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2024-38909
Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control.
- CVSS 9.8
- Remote code execution exposure
New critical Std42 Elfinder RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-38983
Alykoshin Mini-deep-assign DoS
New critical Alykoshin Mini-deep-assign DoS (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
VMware ESXi Authentication Bypass
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefa...
Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control.
Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS)...
Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code or cause a Denial of Service (DoS) via...
Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause othe...
chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function attemptNestedProperty.
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and ca...
ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects.
D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded credentials in the Telnet service, enabling attackers to log in remot...
In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded credentials, enabling attackers to log in remotel...
View critical disclosures
cvelogic
Threat Intelligence