Dec 23, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Acclaim Systems USAHERDS added to CISA KEV — confirmed in-the-wild exploitation.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2021-44207 Acclaim Systems USAHERDS Use of Hard-Coded Credentials

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2024-45387 Apache Traffic Control SQL Injection

  • CVSS 9.9

New critical Apache Traffic Control SQL Injection (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

High-risk exposure

CVE-2024-40896 Netapp H300s Firmware XXE

  • CVSS 9.1

New high-severity Netapp H300s Firmware XXE — watch for exploit drops and scanner noise in the first 72 hours after disclosure.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2021-44207 KEV

Acclaim Systems USAHERDS Use of Hard-Coded Credentials

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-40896 CVSS 9.1

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even i...

CVE-2024-45387 CVSS 9.9

An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "f...

View critical disclosures

cvelogic Threat Intelligence