Feb 13, 2023 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
- 10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2022-40022
Microchip Syncserver S650 Firmware Command Injection
New critical Microchip Syncserver S650 Firmware Command Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2022-4445
Armandofiore Fl3r Feelbox SQL Injection
- CVSS 9.8
- Internet-facing CMS deployments affected
New critical Armandofiore Fl3r Feelbox SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2022-48323
Sunlogin Sunflower Path Traversal
New critical Sunlogin Sunflower Path Traversal (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.
The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an...
A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication.
Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue.
Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arb...
ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function.
ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files t...
An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbi...
Multiple Ruckus Wireless Products CSRF and RCE
In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions...
View critical disclosures
cvelogic
Threat Intelligence