Jan 20, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2020-29297 Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0.

  • CVSS 9.8

New critical Oretnom23 Online Food Ordering System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-48120 Hospital Management System Project Hospital Management System SQL Injection

  • CVSS 9.8

New critical Hospital Management System Project Hospital Management System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-48152 Remoteclinic Remote Clinic SQL Injection

  • CVSS 9.8

New critical Remoteclinic Remote Clinic SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

Exploit & PoC activity

Nothing flagged in this category for this digest.

Exploitation dynamics

Nothing flagged in this category for this digest.

New critical disclosures

CVE-2020-22654 CVSS 9.8

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruc...

CVE-2020-22657 CVSS 9.1

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruc...

CVE-2020-22658 CVSS 9.8

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruc...

CVE-2020-23256 CVSS 9.8

An issue was discovered in Electerm 1.3.22 that allows attackers to execute arbitrary code via an unverified request to Electerm's service.

CVE-2020-29297 CVSS 9.8

Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0.

CVE-2022-48120 CVSS 9.8

SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2...

CVE-2022-48152 CVSS 9.8

SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id...

CVE-2023-0052 CVSS 9.8

SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution o...

CVE-2023-23607 CVSS 9.8

erohtar/Dasherr is a dashboard for self-hosted services.

CVE-2023-24028 CVSS 9.8

In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.

cvelogic Threat Intelligence