May 24, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

Microsoft Windows: 10 CVEs added to CISA KEV today.
10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2016-0162 Microsoft Internet Explorer Information Disclosure

Actively exploited (CISA KEV)
Listed on CISA KEV

Microsoft Internet Explorer Info Disclosure is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2022-29246 Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack.

CVSS 9.8

New critical Eclipse Threadx Usbx Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-29337 Cdatatec Fd702xw-x-r430 Firmware Command Injection

CVSS 9.8

New critical Cdatatec Fd702xw-x-r430 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2018-19943 KEV

QNAP NAS File Station Cross-Site Scripting

CVE-2018-19949 KEV

QNAP NAS File Station Command Injection

CVE-2018-19953 KEV

QNAP NAS File Station Cross-Site Scripting

CVE-2017-18362 KEV

Kaseya VSA SQL Injection

CVE-2018-8611 KEV

Microsoft Windows Kernel Privilege Escalation

CVE-2017-8543 KEV

Microsoft Windows Search Remote Code Execution

CVE-2017-8291 KEV

Artifex Ghostscript Type Confusion

CVE-2017-0210 KEV

Microsoft Internet Explorer Privilege Escalation

CVE-2017-0005 KEV

Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation

CVE-2017-0022 KEV

Microsoft XML Core Services Information Disclosure

CVE-2017-0147 KEV

Microsoft Windows SMBv1 Information Disclosure

CVE-2017-0149 KEV

Microsoft Internet Explorer Memory Corruption

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-4926 CVSS 9.1

New critical Ibm Elastic Storage System exposure disclosed.

CVE-2021-45914 CVSS 9.8

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request.

CVE-2021-45915 CVSS 9.8

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value.

CVE-2022-29246 CVSS 9.8

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack.

CVE-2022-29334 CVSS 9.8

An issue in H v1.0 allows attackers to bypass authentication via a session replay attack.

CVE-2022-29337 CVSS 9.8

C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6.

CVE-2022-29361 CVSS 9.8

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted...

CVE-2022-30455 CVSS 9.8

Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id.

CVE-2022-30461 CVSS 9.8

Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id

CVE-2022-30838 CVSS 9.8

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status

View critical disclosures

cvelogic Threat Intelligence