Nov 12, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Windows: 2 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2014-2120 Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS)

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Network edge / SD-WAN deployments affected

Cisco Adaptive Security Appliance (ASA) XSS is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2024-10820 Vanquish Woocommerce Upload Files RCE

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Vanquish Woocommerce Upload Files RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-43639 Windows KDC Proxy Remote Code Execution Vulnerability

  • CVSS 9.8
  • Remote code execution exposure

New critical Microsoft Windows Server 2012 RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Microsoft Windows NTLMv2 Hash Disclosure Spoofing

Microsoft Windows Task Scheduler Privilege Escalation

Atlassian Jira Server and Data Center Path Traversal

Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS)

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-52268 CVSS 9.1

The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a sessio...

CVE-2024-10217 CVSS 9.2

XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO O...

CVE-2024-10218 CVSS 9.2

XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO O...

CVE-2024-10820 CVSS 9.8

The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uplo...

CVE-2024-28729 CVSS 9.8

An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary...

CVE-2024-38656 CVSS 9.1

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows...

CVE-2024-39710 CVSS 9.1

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows...

CVE-2024-39711 CVSS 9.1

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows...

CVE-2024-39712 CVSS 9.1

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows...

CVE-2024-43639 CVSS 9.8

Windows KDC Proxy Remote Code Execution Vulnerability

View critical disclosures

cvelogic Threat Intelligence