Oct 26, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-42468 Apache Flume RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Apache Flume RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-43774 Deltaww Diaenergie Code Execution

  • CVSS 9.8
  • Remote code execution exposure

New critical Deltaww Diaenergie Code Execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-43775 Deltaww Diaenergie Code Execution

  • CVSS 9.8
  • Remote code execution exposure

New critical Deltaww Diaenergie Code Execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2022-3363 CVSS 9.8

Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7.

CVE-2022-39355 CVSS 9.1

Discourse Patreon enables synchronization between Discourse Groups and Patreon rewards.

CVE-2022-42468 CVSS 9.8

Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source...

CVE-2022-42998 CVSS 9.8

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd.

CVE-2022-43000 CVSS 9.8

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4.

CVE-2022-43001 CVSS 9.8

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function.

CVE-2022-43002 CVSS 9.8

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54.

CVE-2022-43003 CVSS 9.8

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function.

CVE-2022-43774 CVSS 9.8

The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code ex...

CVE-2022-43775 CVSS 9.8

The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution...


cvelogic Threat Intelligence