May 4, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

Apple Multiple Products: 2 CVEs added to CISA KEV today.
10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2014-0160 OpenSSL Information Disclosure

Actively exploited (CISA KEV)
Listed on CISA KEV

OpenSSL Info Disclosure is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2022-30292 Fedoraproject Fedora Buffer Overflow

CVSS 10

New critical Fedoraproject Fedora Buffer Overflow (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-20777 Cisco Enterprise Nfv Infrastructure Software

CVSS 9.9
Network edge / SD-WAN deployments affected

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2021-1789 KEV

Apple Multiple Products Type Confusion

CVE-2019-8506 KEV

Apple Multiple Products Type Confusion

CVE-2014-4113 KEV

Microsoft Win32k Privilege Escalation

CVE-2014-0160 KEV

OpenSSL Information Disclosure

CVE-2014-0322 KEV

Microsoft Internet Explorer Use-After-Free

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-42235 CVSS 9.8

SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administratio...

CVE-2022-20777 CVSS 9.9

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual...

CVE-2022-20779 CVSS 9.9

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual...

CVE-2022-20780 CVSS 9.9

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual...

CVE-2022-28557 CVSS 9.8

There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin...

CVE-2022-28568 CVSS 9.8

Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel.

CVE-2022-29155 CVSS 9.8

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd,...

CVE-2022-29347 CVSS 9.8

An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file.

CVE-2022-30284 CVSS 9

In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not...

CVE-2022-30292 CVSS 10

Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call.

View critical disclosures

cvelogic Threat Intelligence