Feb 25, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Office: 3 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2017-0222 Microsoft Internet Explorer Remote Code Execution

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Remote code execution exposure

Microsoft Internet Explorer RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2021-42952 Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability.

  • CVSS 9.9
  • Remote code execution exposure

New critical Zepl RCE (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-25060 TP-LINK TL-WR840N Firmware Command Injection

  • CVSS 9.8

New critical TP-LINK TL-WR840N Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting

Microsoft Internet Explorer Remote Code Execution

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2021-42952 CVSS 9.9

Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability.

CVE-2022-24442 CVSS 9.8

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

CVE-2022-25060 CVSS 9.8

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.

CVE-2022-25061 CVSS 9.8

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.

CVE-2022-25064 CVSS 9.8

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpA...

CVE-2022-25095 CVSS 9.8

Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request.

CVE-2022-25096 CVSS 9.8

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/vi...

CVE-2022-25260 CVSS 9.1

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).

CVE-2022-25262 CVSS 9.8

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.

CVE-2022-25263 CVSS 9.8

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.

cvelogic Threat Intelligence