Apr 13, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

Adobe Flash Player: 6 CVEs added to CISA KEV today.
10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2014-9163 Adobe Flash Player Stack-Based Buffer Overflow

Actively exploited (CISA KEV)
Listed on CISA KEV

Adobe Flash Player Buffer Overflow is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2022-24816 OSGeo GeoServer JAI-EXT Code Injection

CVSS 10
Remote code execution exposure

New critical OSGeo JAI-EXT RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-22955 Vmware Identity Manager Auth Bypass

CVSS 9.8
Authentication bypass — unauthenticated access risk

New critical Vmware Identity Manager Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2022-24521 KEV

Microsoft Windows CLFS Driver Privilege Escalation

CVE-2018-20753 KEV

Kaseya VSA Remote Code Execution

CVE-2018-7602 KEV

Drupal Core Remote Code Execution

CVE-2015-2502 KEV

Microsoft Internet Explorer Memory Corruption

CVE-2015-5122 KEV

Adobe Flash Player Use-After-Free

CVE-2015-5123 KEV

Adobe Flash Player Use-After-Free

CVE-2015-3113 KEV

Adobe Flash Player Heap-Based Buffer Overflow

CVE-2015-0313 KEV

Adobe Flash Player Use-After-Free

CVE-2015-0311 KEV

Adobe Flash Player Remote Code Execution

CVE-2014-9163 KEV

Adobe Flash Player Stack-Based Buffer Overflow

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-22794 CVSS 9.1

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code...

CVE-2021-22795 CVSS 9.1

A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause...

CVE-2021-42136 CVSS 9

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers...

CVE-2022-1344 CVSS 9

Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810.

CVE-2022-1345 CVSS 9

Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810.

CVE-2022-1346 CVSS 9

Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810.

CVE-2022-22955 CVSS 9.8

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework.

CVE-2022-22956 CVSS 9.8

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework.

CVE-2022-24816 CVSS 10

OSGeo GeoServer JAI-EXT Code Injection

CVE-2022-27479 CVSS 9.8

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests.

View critical disclosures

cvelogic Threat Intelligence