Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
Microsoft Exchange Server: 2 CVEs added to CISA KEV today.
7 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical active threat
CVE-2022-36804: Atlassian Bitbucket Server and Data Center Command Injection
Actively exploited (CISA KEV)
Listed on CISA KEV
Atlassian Bitbucket Server and Data Center Command Injection is on CISA KEV — confirmed in-the-wild exploitation. Expect continued targeting while the issue remains on the catalog.
Critical exposure
CVE-2022-35156: Phpgurukul Bus Pass Management System SQL Injection
CVSS 9.8
New critical Phpgurukul Bus Pass Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2022-40314: A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.
CVSS 9.8
Remote code execution exposure
New critical Moodle RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.