CISA has added CVE-2024-40766 to its KEV catalog, thus confirming it is being actively exploited by attackers.

A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063

https://www.cyberveille-sante.gouv.fr/alertes/7-zip-cve-2023-52168-2024-07-04

https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0518/

A new PHP for Windows RCE flaw affects version 5.x and earlier versions, potentially impacting millions of servers worldwide.

https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0463/

Check Point released hotfixes for a VPN zero-day, tracked as CVE-2024-24919, which is actively being exploited in attacks in the wild

https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0434/

https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0424/

Veeam Backup Enterprise Manager Vulnerabilities (CVE-2024-29849, CVE-2024-29850, CVE-2024-29851, CVE-2024-29852)

https://www.cyberveille-sante.gouv.fr/alertes/check-point-cve-2024-24912-2024-05-06

Vladimir Tokarev will detail a series of critical zero-day vulnerabilities (OVPNX) in OpenVPN, the world's leading VPN solution