Nov 3, 2022 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2020-22818
MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.
New critical Mkcms Project Mkcms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2020-22819
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.
New critical Mkcms Project Mkcms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2020-22820
MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.
New critical Mkcms Project Mkcms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.
MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.
"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection.
Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated att...
"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases.
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.
D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings.
View critical disclosures
cvelogic
Threat Intelligence