Jan 14, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

Microsoft Windows: 3 CVEs added to CISA KEV today.
10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass

Actively exploited (CISA KEV)
Listed on CISA KEV
Authentication bypass — unauthenticated access risk

Fortinet FortiOS And FortiProxy Auth Bypass is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2024-48856 Blackberry Qnx Software Development Platform Out-of-Bounds Write

CVSS 9.8

New critical Blackberry Qnx Software Development Platform Out-of-Bounds Write (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-57471 H3c N12 Firmware Buffer Overflow

CVSS 9.8

New critical H3c N12 Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2024-55591 KEV

Fortinet FortiOS and FortiProxy Authentication Bypass

CVE-2025-21333 KEV

Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow

CVE-2025-21334 KEV

Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free

CVE-2025-21335 KEV

Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-48760 CVSS 9.8

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function.

CVE-2024-48856 CVSS 9.8

Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial...

CVE-2024-49375 CVSS 9

Open source machine learning framework.

CVE-2024-54142 CVSS 9

Discourse AI is a Discourse plugin which provides a number of AI features.

CVE-2024-57471 CVSS 9.8

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing...

CVE-2024-57473 CVSS 9.8

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function.

CVE-2024-57479 CVSS 9.8

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function.

CVE-2024-57480 CVSS 9.8

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function.

CVE-2024-57482 CVSS 9.8

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing fu...

CVE-2024-57483 CVSS 9.8

Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.

View critical disclosures

cvelogic Threat Intelligence