Home
» Risk & Exploitation
» Daily threat intelligence
» Nov 13, 2024
Nov 13, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
9 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2024-10575
Schneider-electric Ecostruxure It Gateway privilege escalation
CVSS 10
Potential privilege escalation to admin/root
New critical Schneider-electric Ecostruxure It Gateway privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-11028
Icdsoft Multimanager Wp Auth Bypass
CVSS 9.8
Internet-facing CMS deployments affected
New critical Icdsoft Multimanager Wp Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-11150
Vanquish User Extra Fields RCE
CVSS 9.8
Internet-facing CMS deployments affected
New critical Vanquish User Extra Fields RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impa...
The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions...
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in...
Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web So...
In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow.
Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Sha...
DataEase is an open source data visualization analysis tool.
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js.
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitr...
View critical disclosures
cvelogic
Threat Intelligence