Jul 22, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-25759 Convert-svg-core Project Convert-svg-core

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2022-34500 Pypi Code Execution

  • CVSS 9.8
  • Remote code execution exposure

New critical Pypi Code Execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-34501 Pypi Code Execution

  • CVSS 9.8
  • Remote code execution exposure

New critical Pypi Code Execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-25759 CVSS 9.9

The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload.

CVE-2022-30998 CVSS 9.1

Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organize...

CVE-2022-34113 CVSS 9.8

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.

CVE-2022-34115 CVSS 9.8

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId.

CVE-2022-34500 CVSS 9.8

The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party.

CVE-2022-34501 CVSS 9.8

The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party.

CVE-2022-34509 CVSS 9.8

The wikifaces package in PyPI v1.0 included a code execution backdoor inserted by a third party.

CVE-2022-34981 CVSS 9.8

The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.

CVE-2022-34982 CVSS 9.8

The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.

CVE-2022-34983 CVSS 9.8

The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party.

View critical disclosures

cvelogic Threat Intelligence