Apr 19, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Microsoft Windows added to CISA KEV — confirmed in-the-wild exploitation.
  • Code-atlantic Popup Maker: public exploit or PoC linked (XSS)
  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2018-6882 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS)

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Synacor Zimbra Collaboration Suite (ZCS) XSS is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Active exploit activity

CVE-2021-4039 Zyxel Nwa1100-nh Firmware Command Injection

  • Public exploit or PoC available
  • Exploit activity linked

Zyxel Nwa1100-nh Firmware Command Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2022-21431 Oracle Communications Billing And Revenue Management

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Microsoft Windows Print Spooler Privilege Escalation

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS)

View KEV additions

Exploit & PoC activity

CVE-2022-1104 Exploit

The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege...

CVE-2021-42136 Exploit

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers...

CVE-2022-24181 Exploit

Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary...

CVE-2022-0482 Exploit

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.

CVE-2021-4039 Exploit

A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-0992 CVSS 9.8

The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as admini...

CVE-2022-21420 CVSS 9.8

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core).

CVE-2022-21431 CVSS 10

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Conne...

CVE-2022-21445 CVSS 9.8

Oracle ADF Faces Deserialization of Untrusted Data

CVE-2022-24826 CVSS 9.8

On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not fou...

CVE-2022-27104 CVSS 9.8

An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.

CVE-2022-27862 CVSS 9.8

Arbitrary File Upload leading to RCE in E4J s.r.l.

CVE-2022-27927 CVSS 9.8

A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database.

View critical disclosures

cvelogic Threat Intelligence