Sep 12, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 6 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-37767 Pebbletemplates Pebble Templates RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Pebbletemplates Pebble Templates RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-37860 Tp-link M7350 Firmware Command Injection

  • CVSS 9.8

New critical Tp-link M7350 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-38297 UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Ucms Project Ucms Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-37300 CVSS 9.8

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and...

CVE-2022-37767 CVSS 9.8

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok.

CVE-2022-37860 CVSS 9.8

The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injectio...

CVE-2022-38292 CVSS 9.8

SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibli...

CVE-2022-38296 CVSS 9.8

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.

CVE-2022-38297 CVSS 9.8

UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.

View critical disclosures

cvelogic Threat Intelligence