Nov 13, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-10575 Schneider-electric Ecostruxure It Gateway privilege escalation

  • CVSS 10
  • Potential privilege escalation to admin/root

New critical Schneider-electric Ecostruxure It Gateway privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-11028 Icdsoft Multimanager Wp Auth Bypass

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Icdsoft Multimanager Wp Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-11150 Vanquish User Extra Fields RCE

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Vanquish User Extra Fields RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-10575 CVSS 10

CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impa...

CVE-2024-11028 CVSS 9.8

The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions...

CVE-2024-11150 CVSS 9.8

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in...

CVE-2024-40404 CVSS 9.8

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web So...

CVE-2024-43091 CVSS 9.8

In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow.

CVE-2024-48510 CVSS 9.8

Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Sha...

CVE-2024-52295 CVSS 9.3

DataEase is an open source data visualization analysis tool.

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js.

CVE-2024-8938 CVSS 9.2

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitr...

View critical disclosures

cvelogic Threat Intelligence