Home
» Risk & Exploitation
» Daily threat intelligence
» Oct 24, 2024
Oct 24, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Cisco Adaptive Security Appliance (ASA) And Firepower Threat Defense (FTD) added to CISA KEV — confirmed in-the-wild exploitation.
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2024-20481
Cisco ASA and FTD Denial-of-Service
Actively exploited (CISA KEV)
Listed on CISA KEV
Network edge / SD-WAN deployments affected
Cisco Adaptive Security Appliance (ASA) And Firepower Threat Defense (FTD) DoS is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2024-46478
HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.
New critical Htmldoc Project Htmldoc Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-7763
Progress Whatsup Gold Auth Bypass
CVSS 9.8
Authentication bypass — unauthenticated access risk
New critical Progress Whatsup Gold Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Cisco ASA and FTD Denial-of-Service
RoundCube Webmail Cross-Site Scripting (XSS)
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control.
Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transaction_delete_group` function.
HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.
The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework.
A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to gain access to...
A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and...
A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltr...
php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6).
The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices.
In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted use...
View critical disclosures
cvelogic
Threat Intelligence