Nov 8, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 5 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-10284 Ce21 Suite Auth Bypass

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Ce21 Suite Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-10285 Ce21 Suite Info Disclosure

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Ce21 Suite Info Disclosure (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-10625 Vanquish Woocommerce Support Ticket System RCE

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Vanquish Woocommerce Support Ticket System RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-10284 CVSS 9.8

The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0.

CVE-2024-10285 CVSS 9.8

The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and inclu...

CVE-2024-10586 CVSS 9.8

The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() fu...

CVE-2024-10625 CVSS 9.8

The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validat...

CVE-2024-10627 CVSS 9.8

The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in...

CVE-2024-35426 CVSS 9.8

vmir e8117 was discovered to contain a stack overflow via the init_local_vars function at /src/vmir_wasm_parser.c.

CVE-2024-45763 CVSS 9.1

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS C...

CVE-2024-48073 CVSS 9.8

sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions.

CVE-2024-50811 CVSS 9.1

hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function as \\apps\\tool\\apis\...

CVE-2024-51211 CVSS 9.8

SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file.

View critical disclosures

cvelogic Threat Intelligence