Apr 5, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-26628 Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter.

  • CVSS 9.8

New critical Matrimony Project Matrimony SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-27123 Employee Performance Evaluation Project Employee Performance Evaluation SQL Injection

  • CVSS 9.8

New critical Employee Performance Evaluation Project Employee Performance Evaluation SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-27124 Angeljudesuarez Insurance Management System SQL Injection

  • CVSS 9.8

New critical Angeljudesuarez Insurance Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-26628 CVSS 9.8

Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter.

CVE-2022-26635 CVSS 9.8

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection.

CVE-2022-27123 CVSS 9.8

Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter.

CVE-2022-27124 CVSS 9.8

Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.

CVE-2022-27304 CVSS 9.8

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.

CVE-2022-28115 CVSS 9.8

Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.

CVE-2022-28116 CVSS 9.8

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.

CVE-2022-28219 CVSS 9.8

Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.

CVE-2022-28467 CVSS 9.8

Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter.

CVE-2022-28468 CVSS 9.8

Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.

View critical disclosures

cvelogic Threat Intelligence