Sep 6, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-6445 DataFlowX DataDiodeX Path Traversal

  • CVSS 10

New critical DataFlowX DataDiodeX Path Traversal (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-44401 D-Link DI-8100G Firmware Command Injection

  • CVSS 9.8

New critical D-Link DI-8100G Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-44402 D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.

  • CVSS 9.8

New critical D-Link DI-8100G Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2024-1744 CVSS 9.2

Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedd...

CVE-2024-44401 CVSS 9.8

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file

CVE-2024-44402 CVSS 9.8

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.

CVE-2024-44838 CVSS 9.8

RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php.

CVE-2024-44839 CVSS 9.8

RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php.

CVE-2024-45758 CVSS 9.1

H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command...

CVE-2024-45771 CVSS 9.8

RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php.

CVE-2024-6445 CVSS 10

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Pa...

CVE-2024-7493 CVSS 9.8

The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1.

CVE-2024-8517 CVSS 9.8

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue.

cvelogic Threat Intelligence