Aug 22, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Palo Alto Networks PAN-OS added to CISA KEV — confirmed in-the-wild exploitation.
  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2022-0028 Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2022-30547 WWBN AVideo Directory Traversal

  • CVSS 9.9

New critical WWBN AVideo directory traversal (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-34149 Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical miniOrange WP OAuth Server authentication bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2021-3586 CVSS 9.8

A flaw was found in servicemesh-operator.

CVE-2022-26842 CVSS 9.6

A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master...

A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

CVE-2022-30547 CVSS 9.9

A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

CVE-2022-34149 CVSS 9.8

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.

CVE-2022-34858 CVSS 9.8

Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.

CVE-2022-35150 CVSS 9.8

Baijicms v4 was discovered to contain an arbitrary file upload vulnerability.

CVE-2022-35583 CVSS 9.8

wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag...

CVE-2022-37134 CVSS 9.8

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi.

CVE-2022-38667 CVSS 9.8

HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used.

cvelogic Threat Intelligence