Feb 9, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Thedigitalcraft Atomcms: public exploit or PoC linked (SQL Injection)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2022-24223 AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.

  • Public exploit or PoC available
  • Exploit activity linked

Thedigitalcraft Atomcms SQL Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2022-22536 SAP Multiple Products HTTP Request Smuggling

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2021-39997 Huawei Emui Out-of-Bounds Write

  • CVSS 9.8

New critical Huawei Emui Out-of-Bounds Write (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2022-24223 Exploit

AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-39997 CVSS 9.8

There is a vulnerability of unstrict input parameter verification in the audio assembly.Successful exploitation of this vulnerability may...

CVE-2022-22532 CVSS 9.8

In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49...

CVE-2022-22544 CVSS 9.1

Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnost...

CVE-2022-22810 CVSS 9.8

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the...

CVE-2022-22813 CVSS 9.8

A CWE-798: Use of Hard-coded Credentials vulnerability exists.

CVE-2022-24310 CVSS 9.8

A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service...

CVE-2022-24311 CVSS 9.8

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing f...

CVE-2022-24312 CVSS 9.8

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing f...

CVE-2022-24313 CVSS 9.8

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially lea...

View critical disclosures

cvelogic Threat Intelligence