Jan 12, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-22600 InHand Networks InRouter 302 firmware

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2023-22601 InHand Networks InRouter 302 firmware

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2022-3515 A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser.

  • CVSS 9.8
  • Remote code execution exposure

New critical GnuPG code execution (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2022-3515 CVSS 9.8

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser.

CVE-2022-39184 CVSS 9.8

EXFO - BV-10 Performance Endpoint Unit authentication bypass. User can manually manipulate access, enabling authentication bypass.

CVE-2022-39185 CVSS 9.8

EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user.

CVE-2022-41778 CVSS 9.8

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCo...

CVE-2022-46471 CVSS 9.8

Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consulting_id parameter at /healthcare/Adm...

CVE-2022-46478 CVSS 9.8

The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arb...

CVE-2022-46502 CVSS 9.8

Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enro...

CVE-2023-22600 CVSS 10

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vuln...

CVE-2023-22601 CVSS 10

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vuln...

CVE-2023-23566 CVSS 9.8

A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try t...

cvelogic Threat Intelligence