Sep 18, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Oracle ADF Faces: 2 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2020-0618 Microsoft SQL Server Reporting Services Remote Code Execution

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Remote code execution exposure

Microsoft SQL Server RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2024-46986 Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails.

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-46374 Mayurik Best House Rental Management System SQL Injection

  • CVSS 9.8

New critical Mayurik Best House Rental Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Oracle ADF Faces Deserialization of Untrusted Data

Microsoft SQL Server Reporting Services Remote Code Execution

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-34399 CVSS 9.8

**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04.

CVE-2024-40568 CVSS 9.8

Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execut...

CVE-2024-45523 CVSS 9.1

An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2....

CVE-2024-46374 CVSS 9.8

Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin...

CVE-2024-46375 CVSS 9.8

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin...

CVE-2024-46376 CVSS 9.8

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rent...

CVE-2024-46377 CVSS 9.8

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file renta...

CVE-2024-46986 CVSS 9.9

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails.

CVE-2024-6877 CVSS 9.4

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows R...

CVE-2024-6878 CVSS 9.2

Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations.

View critical disclosures

cvelogic Threat Intelligence