Nov 29, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-36622 Raspap-webgui Command Injection

  • CVSS 9.8

New critical Raspap-webgui Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-53504 B3log Siyuan SQL Injection

  • CVSS 9.8

New critical B3log Siyuan SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-53505 B3log Siyuan SQL Injection

  • CVSS 9.8

New critical B3log Siyuan SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2024-35367 CVSS 9.1

FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer

CVE-2024-35368 CVSS 9.8

FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.

CVE-2024-36622 CVSS 9.8

In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script.

CVE-2024-49360 CVSS 9.2

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems.

CVE-2024-49806 CVSS 9.4

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, whic...

CVE-2024-53504 CVSS 9.8

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory.

CVE-2024-53505 CVSS 9.8

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent.

CVE-2024-53506 CVSS 9.8

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs.

CVE-2024-53507 CVSS 9.8

A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems.

cvelogic Threat Intelligence