Jan 18, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-45444 Sewio Real-time Location System Studio

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2020-35326 Inxedu SQL Injection

  • CVSS 9.8

New critical Inxedu SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-47966 Zoho ManageEngine Multiple Products Remote Code Execution

  • CVSS 9.8
  • Remote code execution exposure

New critical Zoho ManageEngine RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2020-35326 CVSS 9.8

SQL Injection vulnerability in file /inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml in inxedu...

CVE-2022-41417 CVSS 9.8

BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/.

CVE-2022-41989 CVSS 9

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS repo...

CVE-2022-43483 CVSS 9.1

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input modu...

CVE-2022-45444 CVSS 10

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select...

CVE-2022-46732 CVSS 9.8

Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication...

CVE-2022-47911 CVSS 9.1

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input modu...

CVE-2022-47966 CVSS 9.8

Zoho ManageEngine Multiple Products Remote Code Execution

CVE-2023-21890 CVSS 9.8

Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Core).

View critical disclosures

cvelogic Threat Intelligence