May 2, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2020-23620 Orlansoft Erp Deserialization

  • CVSS 9.8

New critical Orlansoft Erp Deserialization (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2020-23621 Squire-technologies Svi Ms Management System Deserialization

  • CVSS 9.8

New critical Squire-technologies Svi Ms Management System Deserialization (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-1371 Deltaww Diaenergie SQL Injection

  • CVSS 9.8

New critical Deltaww Diaenergie SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-23620 CVSS 9.8

The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deseriali...

CVE-2020-23621 CVSS 9.8

The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecur...

CVE-2022-1371 CVSS 9.8

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf.

CVE-2022-1372 CVSS 9.8

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx.

CVE-2022-1374 CVSS 9.8

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx.

CVE-2022-1375 CVSS 9.8

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx.

CVE-2022-1376 CVSS 9.8

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx.

CVE-2022-1377 CVSS 9.8

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx.

CVE-2022-1378 CVSS 9.8

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx.

CVE-2022-28118 CVSS 9.8

SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.

View critical disclosures

cvelogic Threat Intelligence