Aug 20, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-42574 Arajajyothibabu School Management System SQL Injection

  • CVSS 9.8

New critical Arajajyothibabu School Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-42575 Arajajyothibabu School Management System SQL Injection

  • CVSS 9.8

New critical Arajajyothibabu School Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-43404 MEGABOT is a fully customized Discord bot for learning and fun.

  • CVSS 9.8
  • Remote code execution exposure

New critical Megacord Megabot RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2024-27185 CVSS 9.1

The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.

CVE-2024-30949 CVSS 9.8

An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.

CVE-2024-33872 CVSS 9.8

Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation...

A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a craft...

CVE-2024-38175 CVSS 9.6

An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate p...

CVE-2024-42574 CVSS 9.8

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php.

CVE-2024-42575 CVSS 9.8

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php.

CVE-2024-42919 CVSS 9.8

eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport.

CVE-2024-43404 CVSS 9.8

MEGABOT is a fully customized Discord bot for learning and fun.

CVE-2024-6800 CVSS 9.5

An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific ident...


cvelogic Threat Intelligence