Jul 31, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-37901 Xwiki RCE

  • CVSS 9.9
  • Remote code execution exposure

New critical Xwiki RCE (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-6695 Cozmoslabs Profile Builder

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-41660 slpd-lite is a unicast SLP UDP server.

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-37901 CVSS 9.9

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

CVE-2024-6695 CVSS 9.8

it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthori...

CVE-2024-6980 CVSS 9.2

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-sid...

CVE-2024-7205 CVSS 9.4

When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as p...

CVE-2024-7332 CVSS 9.3

A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224.

View critical disclosures

cvelogic Threat Intelligence