Jan 26, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Telerik User Interface (UI) For ASP.NET AJAX added to CISA KEV — confirmed in-the-wild exploitation.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical active threat

CVE-2017-11357 Telerik UI for ASP.NET AJAX Insecure Direct Object Reference

  • Actively exploited (CISA KEV)
  • Listed on CISA KEV

Confirmed in-the-wild exploitation per CISA KEV — active threat momentum, not theoretical risk.

Critical exposure

CVE-2022-41018 Siretta Quartz-gold Firmware Buffer Overflow

  • CVSS 9.8

New critical Siretta Quartz-gold Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-41019 Siretta Quartz-gold Firmware Buffer Overflow

  • CVSS 9.8

New critical Siretta Quartz-gold Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

CVE-2017-11357 KEV

Telerik UI for ASP.NET AJAX Insecure Direct Object Reference

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-41018 CVSS 9.8

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-...

CVE-2022-41019 CVSS 9.8

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-...

CVE-2022-41030 CVSS 9.8

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-...

CVE-2022-41991 CVSS 9.8

A heap-based buffer overflow vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

CVE-2022-42490 CVSS 9.8

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

CVE-2022-42491 CVSS 9.8

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

CVE-2022-42492 CVSS 9.8

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

CVE-2022-42493 CVSS 9.8

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020.

CVE-2022-46966 CVSS 9.8

Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php.

CVE-2022-46967 CVSS 9.8

An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ direc...

View critical disclosures

cvelogic Threat Intelligence