COSMOS INTELLIGENCE SYSTEM·NVD SYNC: IDLE·KEV: 0 ENTRIES·RATE: 0/HR0%

·LAST SYNC: 07:46:51 PM NPT

Intelligence News Scholarships Blog Resources Events Certificates Arsenal Tools About

LIVE

// weekly digest

Cybersecurity intelligence, research, and operational infrastructure.

Platform

Home
Intelligence
News
Digest
Scholarships
Blog
Resources
Events
Certificates
Arsenal
Tools
About

Connect

GitHub
LinkedIn
Email

© 2026 COSMOS. Built in public.// all systems operational

COSMOS INTELLIGENCE SYSTEM·NVD SYNC: IDLE·KEV: 0 ENTRIES·RATE: 0/HR0%

·LAST SYNC: 07:46:52 PM NPT

Intelligence News Scholarships Blog Resources Events Certificates Arsenal Tools About

LIVE

// weekly digest

2024-W51

2024-12-16 00:00 UTC 2024-12-22 23:59 UTC

← 2024-W50 all weeks 2024-W52 →

// total

0

// critical

0

// high

0

// medium

0

// low

0

// new kev

8

// top critical

No CRITICAL CVEs published this week.

// top high

No HIGH CVEs published this week.

// new kev additions

CVE-2024-12356NONEKEV
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user.
CVE-2021-40407NONEKEV
Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality.
CVE-2019-11001NONEKEV
Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root.

Cybersecurity intelligence, research, and operational infrastructure.

Platform

Home
Intelligence
News
Digest
Scholarships
Blog
Resources

CVE-2022-23227NONEKEV

NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users.

CVE-2018-14933NONEKEV

NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.

CVE-2024-55956NONEKEV

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.

CVE-2024-35250NONEKEV

Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.

CVE-2024-20767NONEKEV

Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.

Connect

GitHub
LinkedIn
Email

© 2026 COSMOS. Built in public.// all systems operational