Fixed Intel

CVE Tracker

Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.

Total CVEs: 1,542

CISA KEV: 1,542

Known Exploits: 35

Avg CVSS Score: 9.3

Severity Distribution

HIGH 1542

Showing 20 of 1,542 CVEs · HIGH · CISA KEV

CVE-2022-22947 · KEV
High

Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.

VMware · CVSS 10 · EPSS 94.5% · Exploit

CVE-2022-30525 · KEV
High

A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

Zyxel · CVSS 9.8 · EPSS 94.4% · Exploit

CVE-2022-1388 · KEV
High

F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.

F5 · CVSS 9.8 · EPSS 94.5% · Exploit

CVE-2021-1789 · KEV
High

A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.

Apple · EPSS 0.2%

CVE-2014-4113 · KEV
High

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Microsoft · EPSS 82.4%

CVE-2014-0160 · KEV
High

The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.

OpenSSL · CVSS 7.5 · EPSS 94.5% · Exploit

CVE-2014-0322 · KEV
High

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.

Microsoft · EPSS 93.2%

CVE-2019-8506 · KEV
High

A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.

Apple · EPSS 7.7%

CVE-2022-21919 · KEV
High

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

Microsoft · EPSS 0.3%

CVE-2022-0847 · KEV
High

Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."

Linux · EPSS 82.4%

CVE-2021-41357 · KEV
High

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Microsoft · EPSS 7.4%

CVE-2019-1003029 · KEV
High

Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox.

Jenkins · EPSS 92.6%

CVE-2022-29464 · KEV
High

Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.

WSO2 · EPSS 94.4%

CVE-2022-26904 · KEV
High

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

Microsoft · EPSS 25.1%

CVE-2021-40450 · KEV
High

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Microsoft · EPSS 7.5%

CVE-2019-3568 · KEV
High

A buffer overflow vulnerability in the WhatsApp VOIP stack allowed remote code execution via a specially crafted series of RTCP packets sent to a target phone number.

Meta Platforms · EPSS 47.4%

CVE-2022-22718 · KEV
High

Microsoft Windows Print Spooler contains an unspecified vulnerability which allows for privilege escalation.

Microsoft · EPSS 9.3%

CVE-2018-6882 · KEV
High

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML.

Synacor · EPSS 63.4%

CVE-2019-16057 · KEV
High

The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.

D-Link · EPSS 93.7%

CVE-2018-7841 · KEV
High

A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.

Schneider Electric · EPSS 52.0%