ACT NOW CVE-2024-23296 7.8 Kernel memory protection bypass in Apple's RTKit real-time operating system allows attackers with existing arbitrary kernel read/write primitives to defeat kernel hardening mitigations across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The flaw is confirmed actively exploited (CISA KEV) and Apple has acknowledged in-the-wild abuse, making this a critical post-exploitation primitive used in chained attacks despite a modest EPSS score of 0.17%.

ACT NOW CVE-2024-23225 7.8 Kernel memory protection bypass in Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows a local attacker who already possesses arbitrary kernel read/write primitives to defeat additional kernel mitigations and achieve full kernel compromise. The flaw is confirmed actively exploited (CISA KEV) and Apple has acknowledged reports of exploitation, making this a critical post-exploitation primitive used in real-world attack chains despite a modest 0.16% EPSS score indicating targeted rather than mass exploitation.

ACT NOW CVE-2024-27199 7.3 Path traversal in JetBrains TeamCity before 2023.11.4 enables remote attackers to perform a limited set of administrative actions by bypassing authentication controls on specific endpoints. This vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, and carries an EPSS score of 82.47% (99th percentile), placing it among the highest-probability exploitation targets currently tracked.

ACT NOW CVE-2024-1698 9.8 SQL injection in the NotificationX WordPress plugin (versions up to and including 2.8.2) allows unauthenticated remote attackers to append arbitrary SQL queries via the 'type' parameter and exfiltrate sensitive database contents. Publicly available exploit code exists and the EPSS score of 93.74% (100th percentile) indicates very high probability of exploitation attempts in the wild, though the CVE is not currently listed in CISA KEV.

ACT NOW CVE-2024-1709 10.0 ConnectWise ScreenConnect contains a critical authentication bypass (CVSS 10.0) that allows direct access to the administrative interface, mass-exploited within hours of disclosure for ransomware deployment.

ACT NOW CVE-2024-1708 8.4 Path traversal in ConnectWise ScreenConnect 23.9.7 and earlier enables attackers with administrative privileges to write files outside intended directories, leading to remote code execution or direct compromise of confidential data and critical systems. This vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, and the EPSS score of 53.66% (98th percentile) reflects extremely high real-world exploitation activity. It was disclosed alongside the more severe CVE-2024-1709 authentication bypass, which together formed a widely abused exploit chain against ScreenConnect on-premises servers in early 2024.

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.
