Apr 12, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-27139 Ghost RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Ghost RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-28034 AtomCMS 2.0 is vulnerabie to SQL Injection via Atom.CMS_admin_ajax_list-sort.php

  • CVSS 9.8

New critical Thedigitalcraft Atomcms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-28035 Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php

  • CVSS 9.8

New critical Thedigitalcraft Atomcms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-27139 CVSS 9.8

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafte...

CVE-2022-27140 CVSS 9.8

An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code v...

CVE-2022-27260 CVSS 9.8

An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a...

CVE-2022-27262 CVSS 9.8

An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a craft...

CVE-2022-27263 CVSS 9.8

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafte...

CVE-2022-27952 CVSS 9.8

An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a c...

CVE-2022-28034 CVSS 9.8

AtomCMS 2.0 is vulnerabie to SQL Injection via Atom.CMS_admin_ajax_list-sort.php

CVE-2022-28035 CVSS 9.8

Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php

CVE-2022-28036 CVSS 9.8

AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php

CVE-2022-28397 CVSS 9.8

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a cr...

View critical disclosures

cvelogic Threat Intelligence