Sep 26, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-28721 Certain HP Print Products are potentially vulnerable to Remote Code Execution.

  • CVSS 9.8
  • Remote code execution exposure

New critical Hp 1g5m0a Firmware RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-28722 Certain HP Print Products are potentially vulnerable to Buffer Overflow.

  • CVSS 9.8

New critical Hp A7w93a Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-30004 Online Market Place Site Project Online Market Place Site SQL Injection

  • CVSS 9.8

New critical Online Market Place Site Project Online Market Place Site SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-28721 CVSS 9.8

Certain HP Print Products are potentially vulnerable to Remote Code Execution.

CVE-2022-28722 CVSS 9.8

Certain HP Print Products are potentially vulnerable to Buffer Overflow.

CVE-2022-30004 CVSS 9.8

Sourcecodester Online Market Place Site v1.0 suffers from an unauthenticated blind SQL Injection Vulnerability allowing remote attackers...

CVE-2022-3075 CVSS 9.6

Google Chromium Mojo Insufficient Data Validation

CVE-2022-40050 CVSS 9.8

ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1.

CVE-2022-40483 CVSS 9.8

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /wedding_details.php.

CVE-2022-40484 CVSS 9.8

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking parameter at /admin/client_edit.php.

CVE-2022-40485 CVSS 9.8

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /package_detail.php.

View critical disclosures

cvelogic Threat Intelligence