Oct 29, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-51568 Cyberpanel RCE

  • CVSS 10
  • Remote code execution exposure

New critical Cyberpanel RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-51378 CyberPanel Incorrect Default Permissions

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-51567 CyberPanel Incorrect Default Permissions

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-44081 CVSS 9.8

In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading v...

CVE-2024-48063 CVSS 9.8

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE.

CVE-2024-48138 CVSS 9.8

A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows...

CVE-2024-48206 CVSS 9.8

A Deserialization of Untrusted Data vulnerability in chainer v7.8.1.post1 leads to execution of arbitrary code.

CVE-2024-48573 CVSS 9.8

A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account...

CVE-2024-51568 CVSS 10

CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink.

CVE-2024-9988 CVSS 9.8

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.19.

CVE-2024-9989 CVSS 9.8

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18.

View critical disclosures

cvelogic Threat Intelligence