Mar 22, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Irz Rl01 Firmware: public exploit or PoC linked (RCE)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2022-27226 Irz Rl01 Firmware RCE

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Irz Rl01 Firmware RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Critical exposure

CVE-2021-41736 Grame Faust Buffer Overflow

  • CVSS 9.8

New critical Grame Faust Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2022-27226 Exploit

A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router admin...

CVE-2021-44529 Exploit

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-41736 CVSS 9.8

Faust v2.35.0 was discovered to contain a heap-buffer overflow in the function realPropagate() at propagate.cpp.

CVE-2021-43650 CVSS 9.8

WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process.

CVE-2021-45809 CVSS 9.8

GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application.

CVE-2022-25517 CVSS 9.8

MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper....

CVE-2022-26186 CVSS 9.8

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecg...

CVE-2022-26187 CVSS 9.8

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function.

CVE-2022-26188 CVSS 9.8

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost.

CVE-2022-26189 CVSS 9.8

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the logi...

CVE-2022-26260 CVSS 9.8

Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse().

CVE-2022-27228 CVSS 9.8

In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary c...

View critical disclosures

cvelogic Threat Intelligence