Mar 2, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Kofax Printix: public exploit or PoC linked (CVSS 9.8, privilege escalation)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2022-25089 Kofax Printix privilege escalation

  • Public exploit or PoC available
  • CVSS 9.8
  • Exploit activity linked
  • Potential privilege escalation to admin/root

Kofax Printix privilege escalation now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2021-44664 Xerte Path Traversal

  • Public exploit or PoC available
  • Exploit activity linked

Xerte Path Traversal now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2022-25045 Home Owners Collection Management System Project Home Owners Collection Management System privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Home Owners Collection Management System Project Home Owners Collection Management System privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2022-25089 Exploit CVSS 9.8

Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITa...

CVE-2021-46387 Exploit

ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS).

CVE-2021-44664 Exploit

An Authenticated Remote Code Exection (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by upload...

CVE-2021-44665 Exploit

A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-25045 CVSS 9.8

Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileg...

CVE-2022-25394 CVSS 9.8

Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php.

CVE-2022-25395 CVSS 9.6

Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the se...

CVE-2022-25396 CVSS 9.8

Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter.

CVE-2022-25398 CVSS 9.8

Auto Spare Parts Management v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.

CVE-2022-25399 CVSS 9.8

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.

CVE-2022-26169 CVSS 9.8

Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref_code parameter.

CVE-2022-26170 CVSS 9.8

Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via the search parameter.

CVE-2022-26171 CVSS 9.8

Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter.

View critical disclosures

cvelogic Threat Intelligence