Sep 20, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-46103 SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php.

  • CVSS 9.8

New critical Sem-cms Semcms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-46640 SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp.

  • CVSS 9.8
  • Remote code execution exposure

New critical Seacms RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-8853 Medialibs Webo-facto Privilege Escalation

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Medialibs Webo-facto Privilege Escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-45489 CVSS 9.8

Arc before 2024-08-26 allows remote code execution in JavaScript boosts.

CVE-2024-46101 CVSS 9.8

GDidees CMS <= v3.9.1 has a file upload vulnerability.

CVE-2024-46103 CVSS 9.8

SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php.

CVE-2024-46640 CVSS 9.8

SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp.

CVE-2024-46652 CVSS 9.8

Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function.

CVE-2024-47062 CVSS 9.4

Navidrome is an open source web-based music collection server and streamer.

CVE-2024-8853 CVSS 9.8

The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient rest...

CVE-2024-9043 CVSS 9.8

Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process.

View critical disclosures

cvelogic Threat Intelligence