Dec 11, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-44241 The issue was addressed with improved bounds checks.

  • CVSS 9.8
  • Remote code execution exposure

New critical Apple Ipados RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-44242 The issue was addressed with improved bounds checks.

  • CVSS 9.8
  • Remote code execution exposure

New critical Apple Ipados RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-44299 The issue was addressed with improved bounds checks.

  • CVSS 9.8
  • Remote code execution exposure

New critical Apple Ipados RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-11015 CVSS 9.8

The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0.

CVE-2024-44241 CVSS 9.8

The issue was addressed with improved bounds checks.

CVE-2024-44242 CVSS 9.8

The issue was addressed with improved bounds checks.

CVE-2024-44299 CVSS 9.8

The issue was addressed with improved bounds checks.

CVE-2024-49112 CVSS 9.8

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVE-2024-50339 CVSS 9.3

GLPI is a free asset and IT management software package.

CVE-2024-54465 CVSS 9.8

A logic issue was addressed with improved state management.

CVE-2024-54506 CVSS 9.8

An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2024-54534 CVSS 9.8

The issue was addressed with improved memory handling.

In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhau...

View critical disclosures

cvelogic Threat Intelligence