Sep 16, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-3214 Deltaww Diaenergie RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Deltaww Diaenergie RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-38621 Doufox RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Doufox RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-39007 Huawei Emui Privilege Escalation

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Huawei Emui Privilege Escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-3214 CVSS 9.8

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials.

CVE-2022-37258 CVSS 9.8

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-c...

CVE-2022-38621 CVSS 9.8

Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page.

CVE-2022-39000 CVSS 9.8

The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps...

CVE-2022-39002 CVSS 9.8

Double free vulnerability in the storage module.

CVE-2022-39003 CVSS 9.1

Buffer overflow vulnerability in the video framework.

CVE-2022-39007 CVSS 9.8

The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause priv...

CVE-2022-39008 CVSS 9.1

The NFC module has bundle serialization/deserialization vulnerabilities.

CVE-2022-39009 CVSS 9.8

The WLAN module has a vulnerability in permission verification.

CVE-2022-40300 CVSS 9.8

Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304...

View critical disclosures

cvelogic Threat Intelligence