Home
» Risk & Exploitation
» Daily threat intelligence
» Sep 25, 2024
Sep 25, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
WordPress plugin RCE/exploit activity: 3 CVEs flagged today.
6 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2024-8275
Stellarwp The Events Calendar SQL Injection
CVSS 9.8
Internet-facing CMS deployments affected
New critical Stellarwp The Events Calendar SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
High-risk exposure
New critical-severity CVE in today's window — elevated exposure signal, early in the lifecycle.
High-risk exposure
CVE-2024-6592
Watchguard Authentication Gateway Auth Bypass
CVSS 9.1
Authentication bypass — unauthenticated access risk
New high-severity Watchguard Authentication Gateway Auth Bypass — watch for exploit drops and scanner noise in the first 72 hours after disclosure.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software BAP Automati...
Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Age...
Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with...
The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and i...
The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' funct...
The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and includin...
View critical disclosures
cvelogic
Threat Intelligence