Sep 13, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-38637 Hospital Management System Project Hospital Management System SQL Injection

  • CVSS 9.8

New critical Hospital Management System Project Hospital Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-38768 Transtek Mojodat Fixed Asset Management privilege escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Transtek Mojodat Fixed Asset Management privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-39815 In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs.

  • CVSS 9.8

New critical Nokia 1350 Optical Management System Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4...

CVE-2022-20389 CVSS 9.8

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004

CVE-2022-20390 CVSS 9.8

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257002

CVE-2022-20391 CVSS 9.8

Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257000

CVE-2022-34831 CVSS 9.8

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an...

CVE-2022-35413 CVSS 9.8

WAPPLES through 6.0 has a hardcoded systemi account.

CVE-2022-38637 CVSS 9.8

Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters...

CVE-2022-38768 CVSS 9.8

The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to bypass authorization.

CVE-2022-38771 CVSS 9.8

The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected inp...

CVE-2022-39815 CVSS 9.8

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs.

View critical disclosures

cvelogic Threat Intelligence