Mar 16, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Pluck-cms Pluck: public exploit or PoC linked (RCE)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-40964 Prasathmani Tiny File Manager Path Traversal

  • Public exploit or PoC available
  • Exploit activity linked

Prasathmani Tiny File Manager Path Traversal now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2021-45010 Prasathmani Tiny File Manager Code Execution

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Prasathmani Tiny File Manager Code Execution now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2022-0982 Accel-ppp Memory Corruption

  • CVSS 9.8

New critical Accel-ppp Memory Corruption (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

CVE-2022-26965 Exploit

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.

CVE-2021-45010 Exploit

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote at...

CVE-2021-40964 Exploit

A Path Traversal vulnerability exists in TinyFileManager all versions up to and including 2.4.6 that allows attackers to upload a file (wi...


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2021-39720 CVSS 9.8

Product: Android. Versions: Android kernel. Android ID: A-207433926. References: N/A

CVE-2021-39723 CVSS 9.8

Product: Android. Versions: Android kernel. Android ID: A-209014813. References: N/A

CVE-2021-39737 CVSS 9.8

Product: Android. Versions: Android kernel. Android ID: A-208229524. References: N/A

CVE-2022-0982 CVSS 9.8

The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdl...

CVE-2022-23610 CVSS 9.1

wire-server provides back end services for Wire, an open source messenger.

CVE-2022-23812 CVSS 9.8

This affects the package node-ipc from 10.1.1 and before 10.1.3.

CVE-2022-25246 CVSS 9.8

Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) use hard-coded credentials for their UltraVNC installation.

CVE-2022-25247 CVSS 9.8

Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specif...

CVE-2022-25251 CVSS 9.8

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to...

CVE-2022-26293 CVSS 9.8

Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function s...


cvelogic Threat Intelligence