Sep 17, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Adobe Flash Player: 4 CVEs added to CISA KEV today.
  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2013-0643 Adobe Flash Player Incorrect Default Permissions

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Potential privilege escalation to admin/root

Adobe Flash Player privilege escalation is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2024-8767 Sensitive data disclosure and manipulation due to unnecessary privileges assignment.

  • CVSS 9.9
  • Potential privilege escalation to admin/root

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-45798 arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-...

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Adobe Flash Player Integer Underflow Vulnerablity

Adobe Flash Player Incorrect Default Permissions

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-38183 CVSS 9.8

An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network.

CVE-2024-38812 CVSS 9.8

VMware vCenter Server Heap-Based Buffer Overflow

CVE-2024-43976 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder super...

CVE-2024-43978 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder super...

CVE-2024-44004 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arni Cinco WPCargo Track & Trace wp...

CVE-2024-45798 CVSS 9.9

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers.

CVE-2024-7873 CVSS 9.4

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE...

CVE-2024-8767 CVSS 9.9

Sensitive data disclosure and manipulation due to unnecessary privileges assignment.

CVE-2024-8956 CVSS 9.1

PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass

View critical disclosures

cvelogic Threat Intelligence