Nov 27, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 7 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-42327 Zabbix

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-53604 Phpgurukul Covid19 Testing Management System SQL Injection

  • CVSS 9.8

New critical Phpgurukul Covid19 Testing Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-46054 OpenVidReview 1.0 is vulnerable to Incorrect Access Control.

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-42327 CVSS 9.9

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this...

CVE-2024-42330 CVSS 9.1

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request.

CVE-2024-46054 CVSS 9.8

OpenVidReview 1.0 is vulnerable to Incorrect Access Control.

CVE-2024-52958 CVSS 9.3

A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 thr...

CVE-2024-52959 CVSS 9.3

A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from...

CVE-2024-53604 CVSS 9.8

A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which...

CVE-2024-9369 CVSS 9.6

Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer p...

View critical disclosures

cvelogic Threat Intelligence