Nov 16, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-40752 Ibm Infosphere Information Server Command Injection

  • CVSS 9.8

New critical Ibm Infosphere Information Server Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-40881 Contec Solarview Compact Firmware Command Injection

  • CVSS 9.8

New critical Contec Solarview Compact Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-42245 Dreamer CMS 4.0.01 is vulnerable to SQL Injection.

  • CVSS 9.8

New critical Dreamer Cms Project Dreamer Cms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-40752 CVSS 9.8

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements.

CVE-2022-40881 CVSS 9.8

SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php

CVE-2022-42245 CVSS 9.8

Dreamer CMS 4.0.01 is vulnerable to SQL Injection.

CVE-2022-43781 CVSS 9.8

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center.

CVE-2022-43782 CVSS 9.8

Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequ...

CVE-2022-43999 CVSS 9.8

An issue was discovered in BACKCLICK Professional 5.9.63.

CVE-2022-44000 CVSS 9.8

An issue was discovered in BACKCLICK Professional 5.9.63.

CVE-2022-44003 CVSS 9.8

An issue was discovered in BACKCLICK Professional 5.9.63.

CVE-2022-44004 CVSS 9.8

An issue was discovered in BACKCLICK Professional 5.9.63.

CVE-2022-44006 CVSS 9.8

An issue was discovered in BACKCLICK Professional 5.9.63.

View critical disclosures

cvelogic Threat Intelligence