Dec 9, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-4390 Netgear Ax2400 Firmware

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2022-4170 Fedoraproject Extra Packages For Enterprise Linux RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Fedoraproject Extra Packages For Enterprise Linux RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-23510 cube-js is a headless business intelligence platform.

  • CVSS 9.6

New critical Cube.js SQL injection (CVSS 9.6) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-23477 CVSS 9.1

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).

CVE-2022-23478 CVSS 9.1

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).

CVE-2022-23479 CVSS 9.1

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).

CVE-2022-23480 CVSS 9.1

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).

CVE-2022-23493 CVSS 9.1

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).

CVE-2022-23510 CVSS 9.6

cube-js is a headless business intelligence platform.

CVE-2022-4170 CVSS 9.8

The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the dat...

CVE-2022-4390 CVSS 10

A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers.

CVE-2022-45290 CVSS 9.1

Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java.

View critical disclosures

cvelogic Threat Intelligence