Sep 6, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-36067 vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules.

  • CVSS 10
  • Remote code execution exposure

New critical Vm2 Project Vm2 RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-1368 Cognex 3d-a1000 Dimensioning System Firmware privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Cognex 3d-a1000 Dimensioning System Firmware privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-26447 In BT firmware, there is a possible out of bounds write due to a missing bounds check.

  • CVSS 9.8
  • Remote code execution exposure

New critical Google Android RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-21516 CVSS 9.8

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP...

CVE-2022-1368 CVSS 9.8

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for C...

CVE-2022-1525 CVSS 9.1

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of S...

CVE-2022-26447 CVSS 9.8

In BT firmware, there is a possible out of bounds write due to a missing bounds check.

CVE-2022-31789 CVSS 9.8

An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and p...

CVE-2022-31860 CVSS 9.8

An issue was discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy rule.

CVE-2022-36067 CVSS 10

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules.

CVE-2022-36663 CVSS 9.8

Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter.

CVE-2022-40109 CVSS 9.8

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa.

CVE-2022-40111 CVSS 9.8

In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware.

View critical disclosures

cvelogic Threat Intelligence