Oct 13, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-24697 Apache Kylin Command Injection

  • CVSS 9.8

New critical Apache Kylin Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-41390 Ocomon Project Ocomon SQL Injection

  • CVSS 9.8

New critical Ocomon Project Ocomon SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-41391 Ocomon Project Ocomon SQL Injection

  • CVSS 9.8

New critical Ocomon Project Ocomon SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2022-24697 CVSS 9.8

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites m...

CVE-2022-3456 CVSS 9.8

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0.

CVE-2022-3457 CVSS 9.8

Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5.

CVE-2022-41390 CVSS 9.8

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php.

CVE-2022-41391 CVSS 9.8

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php.

CVE-2022-41495 CVSS 9.8

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php.

CVE-2022-41496 CVSS 9.8

iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.

CVE-2022-41497 CVSS 9.8

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php.

CVE-2022-42889 CVSS 9.8

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.

cvelogic Threat Intelligence