Home
» Risk & Exploitation
» Daily threat intelligence
» Sep 24, 2024
Sep 24, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Ivanti Virtual Traffic Manager added to CISA KEV — confirmed in-the-wild exploitation.
WordPress plugin RCE/exploit activity: 3 CVEs flagged today.
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2024-7593
Ivanti Virtual Traffic Manager Authentication Bypass
Actively exploited (CISA KEV)
Listed on CISA KEV
Authentication bypass — unauthenticated access risk
Ivanti Virtual Traffic Manager Auth Bypass is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2024-45066
Doverfuelingsolutions Progauge Maglink Lx4 Console Firmware
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Critical exposure
CVE-2024-8878
Riello-ups Netman 204 Firmware
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Ivanti Virtual Traffic Manager Authentication Bypass
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.
Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type...
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'edit_imageId' and 'edit_image...
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and inc...
The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in...
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take o...
Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/thir...
External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-B...
Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.
View critical disclosures
cvelogic
Threat Intelligence