Sep 22, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Zoho ManageEngine added to CISA KEV — confirmed in-the-wild exploitation.
  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2022-35405 Zoho ManageEngine Multiple Products Remote Code Execution

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV
  • Remote code execution exposure

Zoho ManageEngine RCE is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.

Critical exposure

CVE-2022-36934 An integer overflow in WhatsApp could result in remote code execution in an established video call.

  • CVSS 9.8
  • Remote code execution exposure

New critical Whatsapp RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-37232 Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd.

  • CVSS 9.8

New critical Netgear Wnr2000v4 Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Zoho ManageEngine Multiple Products Remote Code Execution

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-31937 CVSS 9.8

Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd.

CVE-2022-3268 CVSS 9.8

Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2.

CVE-2022-36934 CVSS 9.8

An integer overflow in WhatsApp could result in remote code execution in an established video call.

CVE-2022-37232 CVSS 9.8

Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd.

CVE-2022-37235 CVSS 9.8

Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binar...

CVE-2022-38573 CVSS 9.8

10-Strike Network Inventory Explorer v9.3 was discovered to contain a buffer overflow via the Add Computers function.

CVE-2022-40087 CVSS 9.8

Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents().

CVE-2022-40089 CVSS 9.8

A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP f...

View critical disclosures

cvelogic Threat Intelligence