Aug 25, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Apache CouchDB: 2 CVEs added to CISA KEV today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2020-28949 PEAR Archive_Tar Deserialization of Untrusted Data

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

PEAR Archive Tar Deserialization is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2022-28747 Gosecure Titan Inbox Detection \& Response RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Gosecure Titan Inbox Detection \& Response RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-36692 Ingredients Stock Management System Project Ingredients Stock Management System SQL Injection

  • CVSS 9.8

New critical Ingredients Stock Management System Project Ingredients Stock Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2022-24706 KEV

Apache CouchDB Insecure Default Initialization of Resource

CVE-2022-22963 KEV

VMware Tanzu Spring Cloud Function Remote Code Execution

CVE-2021-38406 KEV

Delta Electronics DOPSoft 2 Improper Input Validation

CVE-2020-28949 KEV

PEAR Archive_Tar Deserialization of Untrusted Data

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-28747 CVSS 9.8

Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2022-04-05 leads to remote code execution.

CVE-2022-31499 CVSS 9.8

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo.

CVE-2022-36692 CVSS 9.8

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master....

CVE-2022-36693 CVSS 9.8

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master....

CVE-2022-36695 CVSS 9.8

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master....

CVE-2022-36696 CVSS 9.8

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master....

CVE-2022-36697 CVSS 9.8

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master....

CVE-2022-36715 CVSS 9.8

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/search.php.

CVE-2022-36716 CVSS 9.8

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/changestock.php.

CVE-2022-36719 CVSS 9.8

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the ok parameter at /admin/history.php.

View critical disclosures

cvelogic Threat Intelligence