Oct 10, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 5 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-32234 Facebook Hermes memory safety

  • CVSS 9.8

New critical Facebook Hermes memory safety (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-40138 Facebook Hermes Out-of-Bounds Write

  • CVSS 9.8

New critical Facebook Hermes Out-of-Bounds Write (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-35289 Facebook Hermes

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiOS version 6.0.0 through 6....

CVE-2022-32234 CVSS 9.8

An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers...

CVE-2022-35289 CVSS 9.8

A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows att...

CVE-2022-40138 CVSS 9.8

An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used...

CVE-2022-41746 CVSS 9.1

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installat...

View critical disclosures

cvelogic Threat Intelligence