May 13, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-30385: Merchandise Online Store (Merchandise Online Store Project) SQL Injection

  • CVSS 9.8

New critical SQL injection in Merchandise Online Store (CVSS 9.8). Fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-30386: Merchandise Online Store (Merchandise Online Store Project) SQL Injection

  • CVSS 9.8

New critical SQL injection in Merchandise Online Store (CVSS 9.8). Fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-30387: Merchandise Online Store (Merchandise Online Store Project) SQL Injection

  • CVSS 9.8

New critical SQL injection in Merchandise Online Store (CVSS 9.8). Fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2022-1715 CVSS 9.8

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07.

CVE-2022-22282 CVSS 9.8

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connect...

CVE-2022-30385 CVSS 9.8

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order.

CVE-2022-30386 CVSS 9.8

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured.

CVE-2022-30387 CVSS 9.8

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order.

CVE-2022-30391 CVSS 9.8

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category.

CVE-2022-30392 CVSS 9.8

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category.

CVE-2022-30395 CVSS 9.8

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart.

CVE-2022-30407 CVSS 9.8

Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL Injection via /pharmacy-sales-and-inventory-system/manage_user.php?id=.

CVE-2022-30413 CVSS 9.8

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application.

cvelogic Threat Intelligence