CVE Tracker
Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.
Total CVEs: 1,540
CISA KEV: 1,540
Critical & High: 1,540
Last KEV Update: Mar 11, 2026

| CVE ID | Severity | Vendor / Product | Description | Published | KEV |
|---|---|---|---|---|---|
| CVE-2022-3075 | High | Google / Chromium Mojo | Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Sep 8, 2022 | KEV |
| CVE-2022-27593 | High | QNAP / Photo Station | Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign. | Sep 8, 2022 | KEV |
| CVE-2022-26258 | High | D-Link / DIR-820L | D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution. | Sep 8, 2022 | KEV |
| CVE-2020-9934 | High | Apple / iOS, iPadOS, and macOS | Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information. | Sep 8, 2022 | KEV |
| CVE-2018-2628 | High | Oracle / WebLogic Server | Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server. | Sep 8, 2022 | KEV |
| CVE-2018-13374 | High | Fortinet / FortiOS and FortiADC | Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing an LDAP server connectivity test request to a rogue LDAP server. | Sep 8, 2022 | KEV |
| CVE-2017-5521 | High | NETGEAR / Multiple Devices | Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server. | Sep 8, 2022 | KEV |
| CVE-2011-4723 | High | D-Link / DIR-300 Router | The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information. | Sep 8, 2022 | KEV |
| CVE-2011-1823 | High | Android / Android OS | The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor. | Sep 8, 2022 | KEV |
| CVE-2020-28949 | High | PEAR / Archive_Tar | PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux. | Aug 25, 2022 | KEV |
| CVE-2022-26352 | High | dotCMS / dotCMS | dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution. | Aug 25, 2022 | KEV |
| CVE-2022-24706 | High | Apache / CouchDB | Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges. | Aug 25, 2022 | KEV |
| CVE-2022-24112 | High | Apache / APISIX | Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution. | Aug 25, 2022 | KEV |
| CVE-2022-22963 | High | VMware Tanzu / Spring Cloud | When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | Aug 25, 2022 | KEV |
| CVE-2022-2294 | High | WebRTC / WebRTC | WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome. | Aug 25, 2022 | KEV |
| CVE-2021-39226 | High | Grafana Labs / Grafana | Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss. | Aug 25, 2022 | KEV |
| CVE-2021-38406 | High | Delta Electronics / DOPSoft 2 | Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution. | Aug 25, 2022 | KEV |
| CVE-2021-31010 | High | Apple / iOS, macOS, watchOS | In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions. | Aug 25, 2022 | KEV |
| CVE-2020-36193 | High | PEAR / Archive_Tar | PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux. | Aug 25, 2022 | KEV |
| CVE-2022-0028 | High | Palo Alto Networks / PAN-OS | A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. | Aug 22, 2022 | KEV |