Nov 15, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-45970 MZ Automation LibIEC61850 Buffer Overflow

  • CVSS 9.8

New critical MZ Automation LibIEC61850 buffer overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-45971 MZ Automation LibIEC61850 Buffer Overflow

  • CVSS 9.8

New critical MZ Automation LibIEC61850 buffer overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-50648 Guchengwuyue Yshopmall RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Guchengwuyue Yshopmall RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2024-10934 CVSS 9.2

In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementati...

CVE-2024-11263 CVSS 9.3

When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the ....

CVE-2024-44758 CVSS 9.8

An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers...

CVE-2024-45970 CVSS 9.8

Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a m...

CVE-2024-45971 CVSS 9.8

Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a m...

CVE-2024-50648 CVSS 9.8

yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured t...

CVE-2024-50649 CVSS 9.8

The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability.

CVE-2024-50724 CVSS 9.8

KASO v9.0 was discovered to contain a SQL injection vulnerability via the person_id parameter at /cardcase/editcard.jsp.

CVE-2024-51164 CVSS 9.1

Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user t...

CVE-2024-52528 CVSS 9.3

Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control.


cvelogic Threat Intelligence