Jun 16, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-41487 NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'.

  • CVSS 9.8

New critical Nokia Vitalsuite SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-41654 Wuzhicms SQL Injection

  • CVSS 9.8

New critical Wuzhicms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-24562 Iobit Iotransfer RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Iobit Iotransfer RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-41487 CVSS 9.8

NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'.

CVE-2021-41654 CVSS 9.8

SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue paramet...

CVE-2022-24562 CVSS 9.8

In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write acces...

CVE-2022-30329 CVSS 9.8

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices.

CVE-2022-31382 CVSS 9.8

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory....

CVE-2022-31383 CVSS 9.8

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php.

CVE-2022-31384 CVSS 9.8

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php.

CVE-2022-33750 CVSS 9.8

CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker...

CVE-2022-33752 CVSS 9.8

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote...

CVE-2022-33754 CVSS 9.8

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote...

View critical disclosures

cvelogic Threat Intelligence