Oct 28, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-50495 Widgilabs Plugin Propagator

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-50496 Webandprint Ar

  • CVSS 10
  • Internet-facing CMS deployments affected

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-45656 Ibm Ess 5000 \(5105-22e\) Firmware privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Ibm Ess 5000 \(5105-22e\) Firmware privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-39205 CVSS 9.8

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP requ...

CVE-2024-40867 CVSS 9.6

A custom URL scheme handling issue was addressed with improved input validation.

CVE-2024-44217 CVSS 9.1

A permissions issue was addressed by removing vulnerable code and adding additional checks.

CVE-2024-45656 CVSS 9.8

IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through...

CVE-2024-48356 CVSS 9.8

LyLme Spage <=1.6.0 is vulnerable to SQL Injection via /admin/group.php.

CVE-2024-48357 CVSS 9.8

LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php.

CVE-2024-48465 CVSS 9.8

The MRBS version 1.5.0 has an SQL injection vulnerability in the edit_entry_handler.php file, specifically in the rooms%5B%5D parameter

CVE-2024-50491 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MicahBlu RSVP ME rsvp-me allows SQL...

CVE-2024-50495 CVSS 10

Unrestricted Upload of File with Dangerous Type vulnerability in nunomorgadinho Plugin Propagator wp-propagator allows Upload a Web Shell...

CVE-2024-50496 CVSS 10

Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell...

View critical disclosures

cvelogic Threat Intelligence