Home
» Risk & Exploitation
» Daily threat intelligence
» Apr 19, 2022
Apr 19, 2022 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Microsoft Windows added to CISA KEV — confirmed in-the-wild exploitation.
Code-atlantic Popup Maker: public exploit or PoC linked (XSS)
8 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2018-6882
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS)
Actively exploited (CISA KEV)
Listed on CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) XSS is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Active exploit activity
CVE-2021-4039
Zyxel Nwa1100-nh Firmware Command Injection
Public exploit or PoC available
Exploit activity linked
Zyxel Nwa1100-nh Firmware Command Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Critical exposure
CVE-2022-21431
Oracle Communications Billing And Revenue Management
New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Microsoft Windows Print Spooler Privilege Escalation
WhatsApp VOIP Stack Buffer Overflow
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS)
View KEV additions
Exploit & PoC activity
The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege...
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers...
Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary...
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS...
View new exploit links
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as admini...
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core).
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Conne...
Oracle ADF Faces Deserialization of Untrusted Data
On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not fou...
An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.
Arbitrary File Upload leading to RCE in E4J s.r.l.
A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database.
View critical disclosures
cvelogic
Threat Intelligence