Aug 16, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-2661 Sequi Portbloque S Firmware privilege escalation

  • CVSS 9.9
  • Potential privilege escalation to admin/root

New critical Sequi Portbloque S Firmware privilege escalation (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-39085 Ibm Sterling B2b Integrator SQL Injection

  • CVSS 9.8

New critical Ibm Sterling B2b Integrator SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-36242 Oretnom23 Clinic\'s Patient Management System SQL Injection

  • CVSS 9.8

New critical Oretnom23 Clinic\'s Patient Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-39085 CVSS 9.8

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable...

CVE-2022-1399 CVSS 9.1

An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42...

CVE-2022-2661 CVSS 9.9

Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged user to perform administrative functions...

CVE-2022-2662 CVSS 9.6

Sequi PortBloque S has a improper authentication issues which may allow an attacker to bypass the authentication process and gain user-le...

CVE-2022-30264 CVSS 9.8

The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations.

CVE-2022-36242 CVSS 9.8

Clinic's Patient Management System v1.0 is vulnerable to SQL Injection via /pms/update_medicine.php?id=.

CVE-2022-36272 CVSS 9.8

Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter.

CVE-2022-36273 CVSS 9.8

Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.

CVE-2022-36344 CVSS 9.8

An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corpora...

CVE-2022-36599 CVSS 9.8

Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists.

View critical disclosures

cvelogic Threat Intelligence