Nov 26, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-11704 Mozilla Firefox Memory Corruption

  • CVSS 9.8

New critical Mozilla Firefox Memory Corruption (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-53676 Hpe Insight Remote Support RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Hpe Insight Remote Support RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-11693 The executable file warning was not presented when downloading .library-ms files.

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass.

CVE-2024-11145 CVSS 9.3

Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitra...

CVE-2024-11693 CVSS 9.8

The executable file warning was not presented when downloading .library-ms files.

CVE-2024-11698 CVSS 9.8

A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal d...

CVE-2024-11704 CVSS 9.8

A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path.

CVE-2024-11705 CVSS 9.1

`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL.

CVE-2024-49038 CVSS 9.3

Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads...

CVE-2024-50375 CVSS 9.8

A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-63...

CVE-2024-50942 CVSS 9.8

qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml.

CVE-2024-53676 CVSS 9.8

A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.

View critical disclosures

cvelogic Threat Intelligence