Nov 25, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

Array Networks AG/vxAG ArrayOS added to CISA KEV — confirmed in-the-wild exploitation.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2023-28461 Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function

Actively exploited (CISA KEV)
Listed on CISA KEV
Remote code execution exposure

Array Networks AG/vxAG ArrayOS RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2024-50672 A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthent...

CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

High-risk exposure

CVE-2024-52787 An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path t...

CVSS 9.1

New critical-severity CVE in today's window — elevated exposure signal, early in the lifecycle.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2023-28461 KEV

Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-50672 CVSS 9.8

A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and admin...

CVE-2024-52787 CVSS 9.1

An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filenam...

View critical disclosures

cvelogic Threat Intelligence