Nov 4, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • PTZOptics PT30X-SDI/NDI Cameras: 2 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Authentication bypass — unauthenticated access risk

PTZOptics PT30X-SDI/NDI Cameras Auth Bypass is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2024-50526 Lindeni Multi Purpose Mail Form

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-50527 Stacksmarket Stacks Mobile App Builder

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2024-8956 KEV

PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass

CVE-2024-8957 KEV

PTZOptics PT30X-SDI/NDI Cameras OS Command Injection

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-48050 CVSS 9.8

In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression.

CVE-2024-48061 CVSS 9.8

langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on...

CVE-2024-50526 CVSS 10

Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows...

CVE-2024-50527 CVSS 10

Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Upload...

CVE-2024-50529 CVSS 9.9

Unrestricted Upload of File with Dangerous Type vulnerability in rudrainn Training – Courses training allows Upload a Web Shell to a Web...

CVE-2024-50530 CVSS 9.9

Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer stars-smtp-mailer allows Upload a Web...

CVE-2024-50531 CVSS 10

Unrestricted Upload of File with Dangerous Type vulnerability in davidfcarr RSVPMaker for Toastmasters rsvpmaker-for-toastmasters allows...

CVE-2024-51136 CVSS 9.8

An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute ar...

CVE-2024-51327 CVSS 9.8

SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL I...

CVE-2024-51501 CVSS 10

Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET The various header-related Refit attributes (Header, HeaderC...

View critical disclosures

cvelogic Threat Intelligence