Jul 7, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-35283 Atoms183 Cms Project Atoms183 Cms SQL Injection

  • CVSS 9.8

New critical Atoms183 Cms Project Atoms183 Cms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-25046 Control-webpanel Webpanel Path Traversal

  • CVSS 9.8

New critical Control-webpanel Webpanel Path Traversal (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-32054 Tenda Ac10 Firmware RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Tenda Ac10 Firmware RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-29281 CVSS 9.8

File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin whi...

CVE-2021-35283 CVSS 9.8

SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname,...

CVE-2021-46825 CVSS 9.1

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability.

CVE-2022-25046 CVSS 9.8

A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.

CVE-2022-32054 CVSS 9.8

Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp par...

CVE-2022-32056 CVSS 9.8

Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.

CVE-2022-32207 CVSS 9.8

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a...

CVE-2022-32449 CVSS 9.8

TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageC...

CVE-2022-34592 CVSS 9.8

Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw.

View critical disclosures

cvelogic Threat Intelligence