Dec 12, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 4 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-41267 SAP Business Objects Business Intelligence Platform privilege escalation

  • CVSS 9.9
  • Potential privilege escalation to admin/root

New critical SAP Business Objects Business Intelligence Platform privilege escalation (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-41272 SAP NetWeaver Process Integration

  • CVSS 9.9

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2021-3942 HP Color LaserJet CM4540 MFP CC419A Firmware RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical HP Color LaserJet CM4540 MFP CC419A Firmware RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2021-3942 CVSS 9.8

Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use...

CVE-2022-37897 CVSS 9.8

There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets...

CVE-2022-3900 CVSS 9.8

The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before unserializing it i...

CVE-2022-3915 CVSS 9.8

The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to...

CVE-2022-3921 CVSS 9.8

The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, w...

CVE-2022-3982 CVSS 9.8

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauth...

CVE-2022-41267 CVSS 9.9

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Bu...

CVE-2022-41271 CVSS 9.4

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration...

CVE-2022-41272 CVSS 9.9

An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP...

CVE-2022-4314 CVSS 9.8

Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2.

cvelogic Threat Intelligence