Home
» Risk & Exploitation
» Daily threat intelligence
» Dec 18, 2024
Dec 18, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Reolink RLC-410W IP Camera: 2 CVEs added to CISA KEV today.
WordPress plugin RCE/exploit activity: 4 CVEs flagged today.
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2018-14933
NUUO NVRmini Devices OS Command Injection
Actively exploited (CISA KEV)
Listed on CISA KEV
NUUO NVRmini Devices Command Injection is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2024-47039
Google Android Info Disclosure
New critical Google Android Info Disclosure (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-47040
There is a possible UAF due to a logic error in the code.
CVSS 10
Potential privilege escalation to admin/root
New critical Google Android privilege escalation (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Reolink RLC-410W IP Camera OS Command Injection
NUUO NVRmini2 Devices Missing Authentication
Reolink Multiple IP Cameras OS Command Injection
NUUO NVRmini Devices OS Command Injection
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 1...
In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check.
There is a possible UAF due to a logic error in the code.
Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Privilege Escalation.This...
SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext().
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server....
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server....
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server....
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server....
View critical disclosures
cvelogic
Threat Intelligence