10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2024-12987 DrayTek Vigor Routers OS Command Injection
Actively exploited (CISA KEV)
Listed on CISA KEV
DrayTek Vigor Routers Command Injection is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2024-6159 Pnfpb Push Notification For Post And Buddypress SQL Injection
CVSS 9.8
Internet-facing CMS deployments affected
New critical Pnfpb Push Notification For Post And Buddypress SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-6809 Quantumcloud Simple Video Directory SQL Injection
CVSS 9.8
Internet-facing CMS deployments affected
New critical Quantumcloud Simple Video Directory SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.