Oct 24, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Cisco Adaptive Security Appliance (ASA) And Firepower Threat Defense (FTD) added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Network edge / SD-WAN deployments affected

Cisco Adaptive Security Appliance (ASA) And Firepower Threat Defense (FTD) DoS is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2024-46478 HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.

  • CVSS 9.8

New critical Htmldoc Project Htmldoc Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-7763 Progress Whatsup Gold Auth Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Progress Whatsup Gold Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-41617 CVSS 9.8

Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control.

CVE-2024-41618 CVSS 9.8

Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transaction_delete_group` function.

CVE-2024-46478 CVSS 9.8

HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.

CVE-2024-47883 CVSS 9.1

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework.

CVE-2024-48143 CVSS 9.1

A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to gain access to...

CVE-2024-48144 CVSS 9.1

A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and...

CVE-2024-48145 CVSS 9.1

A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltr...

CVE-2024-48514 CVSS 9.8

php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6).

CVE-2024-48548 CVSS 9.3

The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices.

CVE-2024-7763 CVSS 9.8

In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted use...

View critical disclosures

cvelogic Threat Intelligence