Jul 11, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • F5 Blockchain Platform: public exploit or PoC linked.
  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-23017 F5 Blockchain Platform

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Critical exposure

CVE-2022-1057 Varktech Pricing Deals For Woocommerce SQL Injection

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Varktech Pricing Deals For Woocommerce SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-1952 Syntacticsinc Easync RCE

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Syntacticsinc Easync RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

CVE-2021-23017 Exploit

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to...


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2020-35169 CVSS 9.1

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper...

CVE-2020-4150 CVSS 9.8

IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inb...

CVE-2022-1057 CVSS 9.8

The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in...

CVE-2022-1952 CVSS 9.8

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation w...

CVE-2022-2302 CVSS 9.8

Multiple Lenze products of the cabinet series skip the password verification upon second login.

CVE-2022-31585 CVSS 9.3

The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file func...

CVE-2022-31586 CVSS 9.3

The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_fil...

CVE-2022-31587 CVSS 9.3

The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file fun...

CVE-2022-31588 CVSS 9.3

The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is u...

CVE-2022-32294 CVSS 9.8

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command).


cvelogic Threat Intelligence