Sep 19, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-28321 Linux-pam Auth Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Linux-pam Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-3218 Necta Wifi Mouse Server RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Necta Wifi Mouse Server RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-38509 Wedding Planner Project Wedding Planner SQL Injection

  • CVSS 9.8

New critical Wedding Planner Project Wedding Planner SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-0143 CVSS 9.3

When the LDAP connector is started with StartTLS configured, unauthenticated access is granted.

CVE-2022-28321 CVSS 9.8

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins.

CVE-2022-3218 CVSS 9.8

Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially byp...

CVE-2022-37032 CVSS 9.1

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service.

CVE-2022-38339 CVSS 9.6

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to e...

CVE-2022-38509 CVSS 9.8

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php.

CVE-2022-38545 CVSS 9.6

Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via...

CVE-2022-40144 CVSS 9.8

New critical Trendmicro Apex One exposure disclosed.

CVE-2022-40812 CVSS 9.8

The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party.

CVE-2022-40980 CVSS 9.1

A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with...

View critical disclosures

cvelogic Threat Intelligence