Sep 8, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • D-Link DIR-820L: 3 CVEs added to CISA KEV today.
  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2022-27593 QNAP Photo Station Externally Controlled Reference

  • Actively exploited (CISA KEV)
  • CVSS 10
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2022-36084 Aeb Cruddl

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2022-36099 Xwiki

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Google Chromium Mojo Insufficient Data Validation

CVE-2022-27593 KEV CVSS 10

QNAP Photo Station Externally Controlled Reference

Apple iOS, iPadOS, and macOS Input Validation

Fortinet FortiOS and FortiADC Improper Access Control

MikroTik RouterOS Stack-Based Buffer Overflow

NETGEAR Multiple Devices Exposure of Sensitive Information

D-Link DIR-300 Router Cleartext Storage of a Password

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2022-33941 CVSS 9.8

PowerCMS XMLRPC API provided by Alfasado Inc.

CVE-2022-36084 CVSS 9.9

cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema.

CVE-2022-36099 CVSS 9.9

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform.

CVE-2022-36100 CVSS 9.9

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform.

CVE-2022-37163 CVSS 9.8

Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the applica...

CVE-2022-37164 CVSS 9.8

Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via b...

CVE-2022-38394 CVSS 9.8

Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthent...

cvelogic Threat Intelligence