Nov 18, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 8 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-42497 Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.

  • CVSS 10
  • Internet-facing CMS deployments affected

New critical Api2Cart Bridge Connector RCE (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-34827 Carel Boss Mini 1.5.0 has Improper Access Control.

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2022-44204 D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow.

  • CVSS 9.8

New critical D-Link DIR3060 firmware buffer overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2022-34827 CVSS 9.9

Carel Boss Mini 1.5.0 has Improper Access Control.

CVE-2022-42497 CVSS 10

Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress.

CVE-2022-44204 CVSS 9.8

D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow.

CVE-2022-45132 CVSS 9.8

In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2...

CVE-2022-45474 CVSS 9.8

drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request.


cvelogic Threat Intelligence