Jul 21, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Octobot: public exploit or PoC linked (RCE)
  • WordPress plugin RCE/exploit activity: 3 CVEs flagged today.
  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-36711 Octobot RCE

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Octobot RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Active exploit activity

CVE-2022-24562 Iobit Iotransfer RCE

  • Public exploit or PoC available
  • Exploit activity linked
  • Remote code execution exposure

Iobit Iotransfer RCE now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2022-20857 Cisco Nexus Dashboard

  • CVSS 9.8
  • Network edge / SD-WAN deployments affected

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2021-36711 Exploit

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.

CVE-2022-31854 Exploit

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.

CVE-2022-33098 Exploit

Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function.

CVE-2022-24562 Exploit

In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write acces...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-0973 CVSS 9.6

Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption v...

CVE-2022-0977 CVSS 9.6

Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage...

CVE-2022-20857 CVSS 9.8

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or...

CVE-2022-20858 CVSS 9.8

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or...

CVE-2022-20861 CVSS 9.8

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or...

CVE-2022-28700 CVSS 9.1

Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.

CVE-2022-33198 CVSS 9.8

Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.

CVE-2022-34487 CVSS 9.8

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.

View critical disclosures

cvelogic Threat Intelligence