Apr 8, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 7 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-28001 Movie Seat Reservation Project Movie Seat Reservation SQL Injection

  • CVSS 9.8

New critical Movie Seat Reservation Project Movie Seat Reservation SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-43517 Foscam Fi9805e Firmware

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2022-27047 mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation.

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-43517 CVSS 9.8

FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command...

CVE-2022-26851 CVSS 9.1

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability.

CVE-2022-27047 CVSS 9.8

mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation.

CVE-2022-27351 CVSS 9.8

Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy.

CVE-2022-27357 CVSS 9.8

Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php.

CVE-2022-28001 CVSS 9.8

Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter.

CVE-2022-28805 CVSS 9.1

singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-ba...

View critical disclosures

cvelogic Threat Intelligence