Oct 27, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2021-36206 Johnsoncontrols Cevas SQL injection

  • CVSS 10

New critical Johnsoncontrols Cevas SQL injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-38397 Honeywell Application Control Environment Firmware

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2022-3385 Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow.

  • CVSS 9.8
  • Remote code execution exposure

New critical Advantech R-seenet RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-36206 CVSS 10

All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authenticati...

CVE-2021-38395 CVSS 9.1

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, wh...

CVE-2021-38397 CVSS 10

Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to...

CVE-2022-31678 CVSS 9.1

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability.

CVE-2022-3385 CVSS 9.8

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow.

CVE-2022-3386 CVSS 9.8

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow.

CVE-2022-37913 CVSS 9.8

Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote...

CVE-2022-37914 CVSS 9.8

Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote...

CVE-2022-37915 CVSS 9.8

New critical Arubanetworks Aruba Edgeconnect Enterprise Orchestrator exposure disclosed.

CVE-2022-40876 CVSS 9.8

In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack ove...

View critical disclosures

cvelogic Threat Intelligence