Oct 14, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-46535 Ketr Jepaas SQL Injection

  • CVSS 9.8

New critical Ketr Jepaas SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-48251 Wavelog SQL Injection

  • CVSS 9.8

New critical Wavelog SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-48253 Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection.

  • CVSS 9.8

New critical Magicbug Cloudlog SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2023-48082 CVSS 9.1

Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly gene...

CVE-2024-46535 CVSS 9.8

Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.

CVE-2024-48150 CVSS 9.8

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function.

CVE-2024-48153 CVSS 9.8

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling t...

CVE-2024-48168 CVSS 9.8

A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to exe...

CVE-2024-48251 CVSS 9.8

Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode.

CVE-2024-48253 CVSS 9.8

Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection.

CVE-2024-48255 CVSS 9.8

Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection.

CVE-2024-48257 CVSS 9.8

Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injection.

CVE-2024-48823 CVSS 9.8

Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to...

cvelogic Threat Intelligence