Sep 12, 2022 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- 6 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2022-37767
Pebbletemplates Pebble Templates RCE
- CVSS 9.8
- Remote code execution exposure
New critical Pebbletemplates Pebble Templates RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2022-37860
Tp-link M7350 Firmware Command Injection
New critical Tp-link M7350 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2022-38297
UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.
- CVSS 9.8
- Authentication bypass — unauthenticated access risk
New critical Ucms Project Ucms Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and...
Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok.
The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injectio...
SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibli...
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.
UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.
View critical disclosures
cvelogic
Threat Intelligence