Sep 3, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • DrayTek VigorConnect: 2 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2021-20123 Draytek VigorConnect Path Traversal

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

DrayTek VigorConnect Path Traversal is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2024-41433 Pingcap Tidb Buffer Overflow

  • CVSS 9.8

New critical Pingcap Tidb Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-44921 Seacms SQL Injection

  • CVSS 9.8

New critical Seacms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-41433 CVSS 9.8

PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component expression.ExplainExpressionList.

CVE-2024-44809 CVSS 9.8

A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA.

CVE-2024-44921 CVSS 9.8

SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.

CVE-2024-45588 CVSS 9.1

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Prefer...

CVE-2024-7950 CVSS 9.8

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclu...

CVE-2024-8381 CVSS 9.8

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environ...

CVE-2024-8384 CVSS 9.8

The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two...

CVE-2024-8385 CVSS 9.8

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability.

CVE-2024-8387 CVSS 9.8

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1.

CVE-2024-8389 CVSS 9.8

Memory safety bugs present in Firefox 129.

View critical disclosures

cvelogic Threat Intelligence