Home
» Risk & Exploitation
» Daily threat intelligence
» Sep 29, 2022
Sep 29, 2022 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
6 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2022-29503
Anker Eufy Homebase 2 Firmware Memory Corruption
New critical Anker Eufy Homebase 2 Firmware Memory Corruption (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2022-33880
Hospital Management System Mini-project Project Hospital Management System Mini-project SQL Injection
New critical Hospital Management System Mini-project Project Hospital Management System Mini-project SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2022-40475
Totolink A860r Firmware Command Injection
New critical Totolink A860r Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40.
hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter.
Discourse is an open source discussion platform.
isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface.
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi.
SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection.
View critical disclosures
cvelogic
Threat Intelligence