Oct 18, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-33872 Fortinet Fortitester Command Injection

  • CVSS 9.8

New critical Fortinet Fortitester Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-33874 Fortinet Fortitester Command Injection

  • CVSS 9.8

New critical Fortinet Fortitester Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-39198 Apache Dubbo Code Execution

  • CVSS 9.8
  • Remote code execution exposure

New critical Apache Dubbo Code Execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-31122 CVSS 9.8

Wire is an encrypted communication and collaboration platform.

CVE-2022-33872 CVSS 9.8

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login co...

CVE-2022-33874 CVSS 9.8

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login compo...

CVE-2022-39198 CVSS 9.8

A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution.

CVE-2022-39428 CVSS 9.8

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload).

CVE-2022-40684 CVSS 9.8

Fortinet Multiple Products Authentication Bypass

CVE-2022-40889 CVSS 9.8

Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.

CVE-2022-41544 CVSS 9.8

GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-...

CVE-2022-43260 CVSS 9.8

Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overflow via the time parameter in the fromSetSysTime function.

View critical disclosures

cvelogic Threat Intelligence