Sep 21, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-28802 Code By Zapier Privilege Escalation

  • CVSS 9.9
  • Potential privilege escalation to admin/root

New critical Code By Zapier Privilege Escalation (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-43310 New critical Keylime RCE disclosed.

  • CVSS 9.8
  • Remote code execution exposure

New critical Keylime RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-37026 Erlang\/otp Auth Bypass

  • CVSS 9.8
  • Authentication bypass — unauthenticated access risk

New critical Erlang\/otp Auth Bypass (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-28802 CVSS 9.9

Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code.

CVE-2022-36386 CVSS 9.1

Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.

CVE-2022-37026 CVSS 9.8

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-c...

CVE-2022-40030 CVSS 9.8

SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at chang...

CVE-2022-40186 CVSS 9.1

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3.

CVE-2022-41226 CVSS 9.8

Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) a...

CVE-2022-41237 CVSS 9.8

Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in...

CVE-2022-41238 CVSS 9.8

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresp...

CVE-2022-41241 CVSS 9.1

Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

View critical disclosures

cvelogic Threat Intelligence