May 17, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • SolarView Compact: public exploit or PoC linked (Command Injection)
  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-46422 Telesquare SDT-CW3B1 Firmware Command Injection

  • Public exploit or PoC available
  • Exploit activity linked

Telesquare SDT-CW3B1 Firmware Command Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2022-0967 Showdoc cross-site scripting

  • Public exploit or PoC available
  • Exploit activity linked

Showdoc cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2022-1357 Cambiumnetworks Cnmaestro privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Cambiumnetworks Cnmaestro privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

CVE-2022-29727 Exploit

Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter.

CVE-2021-46422 Exploit

Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands with...

CVE-2022-0967 Exploit

Stored XSS via File Upload in the GitHub repository star7th/showdoc prior to 2.10.4.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2022-1357 CVSS 9.8

The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the pri...

CVE-2022-24108 CVSS 9.8

The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parame...

CVE-2022-24856 CVSS 9.1

FlyteConsole is the web user interface for the Flyte platform.

CVE-2022-28616 CVSS 9.8

A remote server-side request forgery (SSRF) vulnerability was discovered in HPE OneView version(s): Prior to 7.0.

CVE-2022-28617 CVSS 9.8

A remote security-restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 7.0.

CVE-2022-30052 CVSS 9.8

In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks.

CVE-2022-30053 CVSS 9.8

In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks.

CVE-2022-30054 CVSS 9.8

In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks.


cvelogic Threat Intelligence