Nov 6, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 3 CVEs flagged today.
  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-10081 Ericsson Codechecker Auth Bypass

  • CVSS 10
  • Authentication bypass — unauthenticated access risk

New critical Ericsson Codechecker Auth Bypass (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-8615 Eyecix Jobsearch Wp Job Board RCE

  • CVSS 10
  • Internet-facing CMS deployments affected

New critical Eyecix Jobsearch Wp Job Board RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-20418 Command Injection

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-10081 CVSS 10

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.

CVE-2024-10914 CVSS 9.2

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028.

CVE-2024-10915 CVSS 9.2

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028.

CVE-2024-51757 CVSS 9.3

happy-dom is a JavaScript implementation of a web browser without its graphical user interface.

CVE-2024-51990 CVSS 9.3

jj, or Jujutsu, is a Git-compatible VCS written in rust.

CVE-2024-8614 CVSS 9.9

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsea...

CVE-2024-8615 CVSS 10

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsea...

CVE-2024-9307 CVSS 9.9

The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including...

View critical disclosures

cvelogic Threat Intelligence