Home
» Risk & Exploitation
» Daily threat intelligence
» Sep 23, 2024
Sep 23, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
WordPress plugin RCE/exploit activity: 3 CVEs flagged today.
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2024-0001
Purestorage Purity\/\/fa privilege escalation
CVSS 10
Potential privilege escalation to admin/root
New critical Purestorage Purity\/\/fa privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-0002
Purestorage Purity\/\/fa privilege escalation
CVSS 10
Potential privilege escalation to admin/root
New critical Purestorage Purity\/\/fa privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-8624
Pluginus Wordpress Meta Data And Taxonomies Filter SQL Injection
CVSS 9.9
Internet-facing CMS deployments affected
New critical Pluginus Wordpress Meta Data And Taxonomies Filter SQL Injection (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allow...
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the ar...
A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privile...
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a speci...
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document sto...
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox esc...
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_s...
The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path v...
The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege...
View critical disclosures
cvelogic
Threat Intelligence