CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2019-1003029	High	92.6%	JenkinsScript Security Plugin	Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox.	Apr 25, 2022	KEV
CVE-2021-41357	High	7.4%	MicrosoftWin32k	Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2022-0847	High	82.4%	LinuxKernel	Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."	Apr 25, 2022	KEV
CVE-2019-3568	High	47.4%	Meta PlatformsWhatsApp	A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.	Apr 19, 2022	KEV
CVE-2018-6882	High	63.4%	SynacorZimbra Collaboration Suite (ZCS)	Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML.	Apr 19, 2022	KEV
CVE-2022-22718	High	9.3%	MicrosoftWindows	Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.	Apr 19, 2022	KEV
CVE-2018-7841	High	52.0%	Schneider ElectricU.motion Builder	A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.	Apr 15, 2022	KEV
CVE-2014-0780	High	89.2%	InduSoftWeb Studio	InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.	Apr 15, 2022	KEV
CVE-2007-3010	High	94.0%	AlcatelOmniPCX Enterprise	masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.	Apr 15, 2022	KEV
CVE-2010-5330	High	47.1%	UbiquitiAirOS	Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.	Apr 15, 2022	KEV
CVE-2016-4523	High	67.0%	TrihedralVTScada (formerly VTS)	The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS).	Apr 15, 2022	KEV
CVE-2022-22960	High	70.4%	VMwareMultiple Products	VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.	Apr 15, 2022	KEV
CVE-2019-3929	High	94.3%	CrestronMultiple Products	Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.	Apr 15, 2022	KEV
CVE-2022-1364(1)	High	12.4%	GoogleChromium V8	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Apr 15, 2022	KEV
CVE-2019-16057	High	93.7%	D-LinkDNS-320 Storage Device	The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.	Apr 15, 2022	KEV
CVE-2022-22954	High 9.8	94.4%	VMwareWorkspace ONE Access and Identity Manager	VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.	Apr 14, 2022	KEVExploit
CVE-2015-2502	High	22.6%	MicrosoftInternet Explorer	Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).	Apr 13, 2022	KEV
CVE-2022-24521	High	8.7%	MicrosoftWindows	Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.	Apr 13, 2022	KEV
CVE-2015-0313	High	92.8%	AdobeFlash Player	Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.	Apr 13, 2022	KEV
CVE-2015-3113	High	92.4%	AdobeFlash Player	Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.	Apr 13, 2022	KEV

CVE-2019-1003029KEV

High

Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox.

JenkinsEPSS 92.6%

CVE-2021-41357KEV

High

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 7.4%

CVE-2022-0847KEV

High

Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."

LinuxEPSS 82.4%

CVE-2019-3568KEV

High

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.

Meta PlatformsEPSS 47.4%

CVE-2018-6882KEV

High

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML.

SynacorEPSS 63.4%

CVE-2022-22718KEV

High

Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.

MicrosoftEPSS 9.3%

CVE-2018-7841KEV

High

A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.

Schneider ElectricEPSS 52.0%

CVE-2014-0780KEV

High

InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.

InduSoftEPSS 89.2%

CVE-2007-3010KEV

High

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.

AlcatelEPSS 94.0%

CVE-2010-5330KEV

High

Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.

UbiquitiEPSS 47.1%

CVE-2016-4523KEV

High

The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS).

TrihedralEPSS 67.0%

CVE-2022-22960KEV

High

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.

VMwareEPSS 70.4%

CVE-2019-3929KEV

High

Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

CrestronEPSS 94.3%

CVE-2022-1364KEV

High

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 12.4%

CVE-2019-16057KEV

High

The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.

D-LinkEPSS 93.7%

CVE-2022-22954KEV

High

VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.

VMwareCVSS 9.8EPSS 94.4%

Exploit

CVE-2015-2502KEV

High

Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).

MicrosoftEPSS 22.6%

CVE-2022-24521KEV

High

Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 8.7%

CVE-2015-0313KEV

High

Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.

AdobeEPSS 92.8%

CVE-2015-3113KEV

High

Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.

AdobeEPSS 92.4%

45 46 47 48 49 50 51