May 3, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-43163 Ruijienetworks Reyeeos RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Ruijienetworks Reyeeos RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-27413 Hospital Management System Project Hospital Management System SQL Injection

  • CVSS 9.8

New critical Hospital Management System Project Hospital Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-27420 Hospital Management System Project Hospital Management System SQL Injection

  • CVSS 9.8

New critical Hospital Management System Project Hospital Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-43163 CVSS 9.8

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P...

CVE-2022-27413 CVSS 9.8

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.

CVE-2022-27420 CVSS 9.8

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearc...

CVE-2022-27431 CVSS 9.8

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.

CVE-2022-27962 CVSS 9.8

Bluecms 1.6 has a SQL injection vulnerability at cooike.

CVE-2022-28055 CVSS 9.8

Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function.

CVE-2022-28560 CVSS 9.8

There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router.

CVE-2022-28561 CVSS 9.8

There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router.

CVE-2022-28585 CVSS 9.8

EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php

View critical disclosures

cvelogic Threat Intelligence