Dec 13, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Cleo Multiple Products added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-50623 Cleo Multiple Products Unrestricted File Upload

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Remote code execution exposure

Cleo Multiple Products RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2024-54261

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-54262 Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooComm...

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-54261 CVSS 10

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE E...

CVE-2024-54262 CVSS 9.9

Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allow...

CVE-2024-54273 CVSS 9.8

Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker mail-picker allows Object Injection.This issue affects Mail Pi...

CVE-2024-54292 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsplate Appsplate appsplate allow...

CVE-2024-54293 CVSS 9.8

Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation.This issue affects CE21 Suite: fro...

CVE-2024-54294 CVSS 9.8

Authentication Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP Authentication authentication-vi...

CVE-2024-54295 CVSS 9.8

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allow...

CVE-2024-54296 CVSS 9.8

Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS coschool allows Authentication Bypa...

CVE-2024-54297 CVSS 9.8

Authentication Bypass Using an Alternate Path or Channel vulnerability in extremeidea vBSSO-lite vbsso-lite allows Authentication Bypass....

CVE-2024-55956 CVSS 9.8

Cleo Multiple Products Unauthenticated File Upload

View critical disclosures

cvelogic Threat Intelligence