Jan 13, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 6 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-46954 Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System SQL Injection

  • CVSS 9.8

New critical Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-46955 Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System SQL Injection

  • CVSS 9.8

New critical Dynamic Transaction Queuing System Project Dynamic Transaction Queuing System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-45299 Webbrowser Project Webbrowser

  • CVSS 9.8

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-3782 CVSS 9.1

keycloak: path traversal via double URL encoding.

CVE-2022-45299 CVSS 9.8

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL.

CVE-2022-46954 CVSS 9.8

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?a...

CVE-2022-46955 CVSS 9.8

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?a...

CVE-2023-0297 CVSS 9.8

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.

CVE-2023-22495 CVSS 9.8

Izanami is a shared configuration service well-suited for micro-service architecture implementation.

View critical disclosures

cvelogic Threat Intelligence