Nov 3, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2020-22818 MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.

  • CVSS 9.8

New critical Mkcms Project Mkcms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2020-22819 MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.

  • CVSS 9.8

New critical Mkcms Project Mkcms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2020-22820 MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.

  • CVSS 9.8

New critical Mkcms Project Mkcms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-22818 CVSS 9.8

MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.

CVE-2020-22819 CVSS 9.8

MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.

CVE-2020-22820 CVSS 9.8

MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.

CVE-2022-22425 CVSS 9.8

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection.

CVE-2022-38168 CVSS 9.1

Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated att...

CVE-2022-40747 CVSS 9.1

"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

CVE-2022-42744 CVSS 9.8

CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases.

CVE-2022-43107 CVSS 9.8

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.

CVE-2022-43108 CVSS 9.8

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.

CVE-2022-43109 CVSS 9.8

D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings.

View critical disclosures

cvelogic Threat Intelligence