ACT NOW CVE-2024-7593 9.8 Authentication bypass in Ivanti Virtual Traffic Manager (vTM) admin panel allows remote unauthenticated attackers to gain administrative access to the appliance due to a flawed authentication algorithm implementation. The flaw is confirmed actively exploited (CISA KEV) with an EPSS score of 94.44% (100th percentile), placing it among the highest-risk vulnerabilities currently tracked. All vTM releases other than 22.2R1 and 22.7R2 are affected.

ACT NOW CVE-2024-7399 8.8 Arbitrary file write as SYSTEM in Samsung MagicINFO 9 Server before version 21.1050 allows remote attackers to place attacker-controlled files anywhere on the server filesystem via a path traversal flaw. The issue is confirmed actively exploited (CISA KEV) with publicly available exploit code and an EPSS score of 71% (99th percentile), making it one of the highest-priority remediation items currently tracked.

ACT NOW CVE-2024-6497 8.8 Stored Cross-Site Scripting in the SEO Plugin by Squirrly SEO for WordPress (versions up to and including 12.3.19) allows Contributor-level authenticated users to inject arbitrary JavaScript via the 'url' parameter, executing in browsers of any user who views the affected page. Publicly available exploit code exists and EPSS scores this in the 96th percentile (22.89%) for likelihood of exploitation, though it is not currently listed in CISA KEV. Note that the assigned CWE-89 (SQL Injection) appears inconsistent with the description, which clearly describes Stored XSS (CWE-79).

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.
