Oct 1, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

Os4ed Opensis: public exploit or PoC linked (SQL Injection)
WordPress plugin RCE/exploit activity: 4 CVEs flagged today.
10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2024-46626 Os4ed Opensis SQL Injection

Public exploit or PoC available
Exploit activity linked

Os4ed Opensis SQL Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2024-45999 Magicbug Cloudlog SQL Injection

CVSS 9.8

New critical Magicbug Cloudlog SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-9265 Coderevolution Echo Rss Feed Post Generator Privilege Escalation

CVSS 9.8
Internet-facing CMS deployments affected

New critical Coderevolution Echo Rss Feed Post Generator Privilege Escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2024-46626 Exploit

OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-25660 CVSS 9

The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unau...

CVE-2024-41276 CVSS 9.8

privilege escalation

CVE-2024-45999 CVSS 9.8

A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, specifically within the get_station_info()function located in the file /...

CVE-2024-9106 CVSS 9.8

The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0.

CVE-2024-9108 CVSS 9.8

The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'con...

CVE-2024-9265 CVSS 9.8

The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6.

CVE-2024-9289 CVSS 9.8

The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and incl...

CVE-2024-9392 CVSS 9.8

A compromised content process could have allowed for the arbitrary loading of cross-origin pages.

CVE-2024-9401 CVSS 9.8

Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2.

CVE-2024-9402 CVSS 9.8

Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2.

View critical disclosures

cvelogic Threat Intelligence