May 12, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • College Management System Project College Management System: public exploit or PoC linked (SQL Injection)
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2022-28079 College Management System Project College Management System SQL Injection

  • Public exploit or PoC available
  • Exploit activity linked

A public exploit or PoC is now linked to the College Management System Project College Management System SQL injection; assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2022-28080 Event Management System Project Event Management System SQL Injection

  • Public exploit or PoC available
  • Exploit activity linked

A public exploit or PoC is now linked to the Event Management System Project Event Management System SQL injection; assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2022-29363 Phpok Deserialization

  • CVSS 9.8

New critical Phpok deserialization disclosure (CVSS 9.8). The disclosure window is fresh; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

CVE-2022-28079 Exploit

College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter.

CVE-2022-28080 Exploit

Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter.

CVE-2021-46424 Exploit

Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, ev...


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2022-29363 CVSS 9.8

Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php.

CVE-2022-29738 CVSS 9.8

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id.

CVE-2022-29739 CVSS 9.8

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=.

CVE-2022-29741 CVSS 9.8

Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee.

CVE-2022-29745 CVSS 9.8

Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction.

CVE-2022-29746 CVSS 9.8

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete.

CVE-2022-29998 CVSS 9.8

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/clientStatus.php?client_id=.

CVE-2022-29999 CVSS 9.8

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editClient.php?client_id=.

CVE-2022-30000 CVSS 9.8

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editPayment.php?recipt_no=.

CVE-2022-30001 CVSS 9.8

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agent_id=.


cvelogic Threat Intelligence