Jun 29, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 3 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-32532 Apache Shiro privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Apache Shiro privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-33107 Thinkphp Deserialization

  • CVSS 9.8

New critical Thinkphp Deserialization (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-40597 The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password.

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-40597 CVSS 9.8

The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password.

CVE-2022-32532 CVSS 9.8

Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers.

CVE-2022-33107 CVSS 9.8

ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\S...

View critical disclosures

cvelogic Threat Intelligence