Feb 11, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • 6 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-25729 Memory corruption in modem due to improper length check while copying into memory

  • CVSS 9.8

New critical Qualcomm Ar8031 Firmware Memory Corruption (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-33279 Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length.

  • CVSS 9.8

New critical Qualcomm Ar9380 Firmware Buffer Overflow (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-40514 Qualcomm Aqt1000 Firmware Memory Corruption

  • CVSS 9.8

New critical Qualcomm Aqt1000 Firmware Memory Corruption (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-25729 CVSS 9.8

Memory corruption in modem due to improper length check while copying into memory

CVE-2022-33232 CVSS 9.3

Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.

CVE-2022-33279 CVSS 9.8

Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length.

CVE-2022-40514 CVSS 9.8

Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.

CVE-2022-45088 CVSS 9.8

Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.

CVE-2022-4557 CVSS 9.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Syste...

View critical disclosures

cvelogic Threat Intelligence