Home
» Risk & Exploitation
» Daily threat intelligence
» Apr 5, 2022
Apr 5, 2022 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2022-26628
Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter.
New critical Matrimony Project Matrimony SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2022-27123
Employee Performance Evaluation Project Employee Performance Evaluation SQL Injection
New critical Employee Performance Evaluation Project Employee Performance Evaluation SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2022-27124
Angeljudesuarez Insurance Management System SQL Injection
New critical Angeljudesuarez Insurance Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter.
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection.
Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter.
Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.
Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter.
Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
View critical disclosures
cvelogic
Threat Intelligence