Oct 28, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Google Chromium V8 added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2022-3723 Google Chromium V8 Type Confusion

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2022-37425 Opennebula Command Injection

  • CVSS 9.9

New critical Opennebula Command Injection (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-39366 DataHub is an open-source metadata platform.

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-2474 CVSS 9.8

Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which al...

CVE-2022-2475 CVSS 9.8

Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service.

CVE-2022-3708 CVSS 9.6

The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insuffic...

CVE-2022-37425 CVSS 9.9

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux...

CVE-2022-37621 CVSS 9.8

Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variab...

CVE-2022-39366 CVSS 9.9

DataHub is an open-source metadata platform.

CVE-2022-41636 CVSS 9.1

Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext.

CVE-2022-41648 CVSS 9.2

The HEIDENHAIN Controller TNC 640 NC software Version 340590 07 SP5, is vulnerable to improper authentication in its DNC communication fo...

CVE-2022-43168 CVSS 9.8

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the reports_id parameter.

CVE-2022-43286 CVSS 9.8

Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterato...

View critical disclosures

cvelogic Threat Intelligence