Apr 1, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-22570 Ui Ua Lite Firmware Buffer Overflow

  • CVSS 10

New critical Ui Ua Lite Firmware Buffer Overflow (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-32953 Auvesy-mdt Autosave SQL injection

  • CVSS 9.8

New critical Auvesy-mdt Autosave SQL injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-32976 Moxa Nport Iaw5150a-12i\/o Firmware Buffer Overflow

  • CVSS 9.8

New critical Moxa Nport Iaw5150a-12i\/o Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-32953 CVSS 9.8

An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, gr...

CVE-2021-32974 CVSS 9.8

Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote...

CVE-2021-32976 CVSS 9.8

Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote att...

CVE-2022-22570 CVSS 10

A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a...

CVE-2022-22963 CVSS 9.8

VMware Tanzu Spring Cloud Function Remote Code Execution

CVE-2022-22965 CVSS 9.8

Spring Framework JDK 9+ Remote Code Execution

CVE-2022-25157 CVSS 9.1

Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versi...

CVE-2022-25158 CVSS 9.1

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi E...

CVE-2022-27177 CVSS 9.8

A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior...

CVE-2022-27534 CVSS 9.8

Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug i...

View critical disclosures

cvelogic Threat Intelligence