Aug 15, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-36010 React Editable Json Tree

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2020-21642 Zoho ManageEngine Analytics Plus Directory Traversal

  • CVSS 9.8

New critical directory traversal in Zoho ManageEngine Analytics Plus (CVSS 9.8). The disclosure window is fresh; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-36523 D-Link Go-RT-AC750 Firmware Command Injection

  • CVSS 9.8

New critical command injection in D-Link Go-RT-AC750 firmware (CVSS 9.8). The disclosure window is fresh; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2020-21642 CVSS 9.8

Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows re...

CVE-2022-2314 CVSS 9.8

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site.

CVE-2022-2818 CVSS 9.8

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.

CVE-2022-34294 CVSS 9.8

totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers.

CVE-2022-36010 CVSS 10

This library allows strings to be parsed as functions and stored as a specialized component, [`JsonFunctionValue`](https://github.com/oxy...

CVE-2022-36308 CVSS 9.1

Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stor...

CVE-2022-36523 CVSS 9.8

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command injection via /htdocs/upnpinc/gena.php.

CVE-2022-36525 CVSS 9.8

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Buffer Overflow via authenticationcgi_main.

CVE-2022-38221 CVSS 9.8

A buffer overflow in the FTcpListener thread in The Isle Evrima (the dedicated server on Windows and Linux) 0.9.88.07 before 2022-08-12 a...


cvelogic Threat Intelligence