CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2018-8589	High	46.3%	MicrosoftWin32k	A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system.	May 23, 2022	KEV
CVE-2020-0638	High	1.7%	MicrosoftUpdate Notification Manager	Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation.	May 23, 2022	KEV
CVE-2021-30883	High	0.6%	AppleMultiple Products	Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution.	May 23, 2022	KEV
CVE-2022-30525	High 9.8	94.4%	ZyxelMultiple Firewalls	A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.	May 16, 2022	KEVExploit
CVE-2022-22947	High 10	94.5%	VMwareSpring Cloud Gateway	Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.	May 16, 2022	KEVExploit
CVE-2022-1388	High 9.8	94.5%	F5BIG-IP	F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.	May 10, 2022	KEVExploit
CVE-2019-8506	High	7.7%	AppleMultiple Products	A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.	May 4, 2022	KEV
CVE-2014-4113	High	82.4%	MicrosoftWin32k	Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.	May 4, 2022	KEV
CVE-2021-1789	High	0.2%	AppleMultiple Products	A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.	May 4, 2022	KEV
CVE-2014-0322	High	93.2%	MicrosoftInternet Explorer	Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.	May 4, 2022	KEV
CVE-2014-0160	High 7.5	94.5%	OpenSSLOpenSSL	The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.	May 4, 2022	KEVExploit
CVE-2022-21919	High	0.3%	MicrosoftWindows	Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2022-0847	High	82.4%	LinuxKernel	Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."	Apr 25, 2022	KEV
CVE-2021-41357	High	7.4%	MicrosoftWin32k	Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2019-1003029	High	92.6%	JenkinsScript Security Plugin	Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox.	Apr 25, 2022	KEV
CVE-2022-29464	High	94.4%	WSO2Multiple Products	Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.	Apr 25, 2022	KEV
CVE-2022-26904	High	25.1%	MicrosoftWindows	Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2021-40450	High	7.5%	MicrosoftWin32k	Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2018-6882	High	63.4%	SynacorZimbra Collaboration Suite (ZCS)	Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML.	Apr 19, 2022	KEV
CVE-2019-3568	High	47.4%	Meta PlatformsWhatsApp	A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.	Apr 19, 2022	KEV

CVE-2018-8589KEV

High

A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system.

MicrosoftEPSS 46.3%

CVE-2020-0638KEV

High

Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 1.7%

CVE-2021-30883KEV

High

Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution.

AppleEPSS 0.6%

CVE-2022-30525KEV

High

A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

ZyxelCVSS 9.8EPSS 94.4%

Exploit

CVE-2022-22947KEV

High

Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.

VMwareCVSS 10EPSS 94.5%

Exploit

CVE-2022-1388KEV

High

F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.

A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.

AppleEPSS 7.7%

CVE-2014-4113KEV

High

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 82.4%

CVE-2021-1789KEV

High

A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.

AppleEPSS 0.2%

CVE-2014-0322KEV

High

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.

MicrosoftEPSS 93.2%

CVE-2014-0160KEV

High

The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.

OpenSSLCVSS 7.5EPSS 94.5%

Exploit

CVE-2022-21919KEV

High

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 0.3%

CVE-2022-0847KEV

High

Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."

LinuxEPSS 82.4%

CVE-2021-41357KEV

High

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 7.4%

CVE-2019-1003029KEV

High

Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox.

JenkinsEPSS 92.6%

CVE-2022-29464KEV

High

Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.

WSO2EPSS 94.4%

CVE-2022-26904KEV

High

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 25.1%

CVE-2021-40450KEV

High

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 7.5%

CVE-2018-6882KEV

High

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML.

SynacorEPSS 63.4%

CVE-2019-3568KEV

High

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.

Meta PlatformsEPSS 47.4%

44 45 46 47 48 49 50