Apr 29, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-24900 Piano Led Visualizer Project Piano Led Visualizer Path Traversal

  • CVSS 9.9

New critical Piano Led Visualizer Project Piano Led Visualizer Path Traversal (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-44596 Wondershare LTD Dr.

  • CVSS 9.8
  • Remote code execution exposure

New critical Wondershare Dr.fone RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-1531 Rtx Project Rtx RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Rtx Project Rtx RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-1531 CVSS 9.8

SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in GitHub repository rtxteam/rtx prior to checkpoint_2022-04-20 .

CVE-2022-24900 CVSS 9.9

Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer.

CVE-2022-28452 CVSS 9.8

Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection.

CVE-2022-28480 CVSS 9.8

ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.exe.

CVE-2022-28994 CVSS 9.8

Small HTTP Server version 3.06 suffers from a remote buffer overflow vulnerability via long GET request.

CVE-2022-29904 CVSS 9.8

The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with...

CVE-2022-29906 CVSS 9.8

The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a che...

View critical disclosures

cvelogic Threat Intelligence