These vulnerabilities have been confirmed as being exploited in the wild by vendors or CISA. Immediate patching is recommended.
The week kicked off with Google releasing an emergency security update for Chromium. A 0-day in the V8 JavaScript engine (CVE-2024-5274, high severity) was confirmed.
CVE: CVE-2023-22527

Status: Explosion in Activity

Despite being disclosed in early 2024, scanning for this template injection vulnerability has spiked by 300% this week. Ransomware groups are specifically targeting unpatched Confluence instances to deploy encryptors.
The most significant event within the 06-12-2024 window was the June 2024 Patch Tuesday (released on June 11). Microsoft, Adobe, and SAP released 76 unique patches.
The following CVEs represent the Top 3 most scanned vulnerabilities on the ingress of corporate networks this week. Ransomware affiliates are paying bounties for access via these specific flaws.
| Rank | CVE ID | Asset Type | Exploit Maturity | Affiliate Bounty |
| :--- | :--- | :--- | :--- | :--- |
| 1 | CVE-2023-46805 (Ivanti) | Edge Gateways | Weaponized | $15,000 |
| 2 | CVE-2024-2875 (QNAP QTS) | NAS Devices | Automated (MassScan) | $8,000 |
| 3 | CVE-2022-47966 (ManageEngine) | AD Integration | LDAP Injection | $5,000 |