CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2022-22718	High	9.3%	MicrosoftWindows	Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.	Apr 19, 2022	KEV
CVE-2019-16057	High	93.7%	D-LinkDNS-320 Storage Device	The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.	Apr 15, 2022	KEV
CVE-2014-0780	High	89.2%	InduSoftWeb Studio	InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.	Apr 15, 2022	KEV
CVE-2019-3929	High	94.3%	CrestronMultiple Products	Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.	Apr 15, 2022	KEV
CVE-2007-3010	High	94.0%	AlcatelOmniPCX Enterprise	masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.	Apr 15, 2022	KEV
CVE-2022-1364(1)	High	12.4%	GoogleChromium V8	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Apr 15, 2022	KEV
CVE-2016-4523	High	67.0%	TrihedralVTScada (formerly VTS)	The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS).	Apr 15, 2022	KEV
CVE-2010-5330	High	47.1%	UbiquitiAirOS	Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.	Apr 15, 2022	KEV
CVE-2022-22960	High	70.4%	VMwareMultiple Products	VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.	Apr 15, 2022	KEV
CVE-2018-7841	High	52.0%	Schneider ElectricU.motion Builder	A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.	Apr 15, 2022	KEV
CVE-2022-22954	High 9.8	94.4%	VMwareWorkspace ONE Access and Identity Manager	VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.	Apr 14, 2022	KEVExploit
CVE-2018-7602	High	94.4%	DrupalCore	A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.	Apr 13, 2022	KEV
CVE-2015-5123	High	47.6%	AdobeFlash Player	Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).	Apr 13, 2022	KEV
CVE-2015-0313	High	92.8%	AdobeFlash Player	Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.	Apr 13, 2022	KEV
CVE-2015-3113	High	92.4%	AdobeFlash Player	Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.	Apr 13, 2022	KEV
CVE-2015-5122	High	92.8%	AdobeFlash Player	Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).	Apr 13, 2022	KEV
CVE-2015-0311	High	92.8%	AdobeFlash Player	Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.	Apr 13, 2022	KEV
CVE-2018-20753	High	37.7%	KaseyaVirtual System/Server Administrator (VSA)	Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices.	Apr 13, 2022	KEV
CVE-2015-2502	High	22.6%	MicrosoftInternet Explorer	Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).	Apr 13, 2022	KEV
CVE-2014-9163	High	3.6%	AdobeFlash Player	Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.	Apr 13, 2022	KEV

CVE-2022-22718KEV

High

Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.

MicrosoftEPSS 9.3%

CVE-2019-16057KEV

High

The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.

D-LinkEPSS 93.7%

CVE-2014-0780KEV

High

InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.

InduSoftEPSS 89.2%

CVE-2019-3929KEV

High

Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

CrestronEPSS 94.3%

CVE-2007-3010KEV

High

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.

AlcatelEPSS 94.0%

CVE-2022-1364KEV

High

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 12.4%

CVE-2016-4523KEV

High

The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS).

TrihedralEPSS 67.0%

CVE-2010-5330KEV

High

Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.

UbiquitiEPSS 47.1%

CVE-2022-22960KEV

High

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.

VMwareEPSS 70.4%

CVE-2018-7841KEV

High

A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.

Schneider ElectricEPSS 52.0%

CVE-2022-22954KEV

High

VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.

VMwareCVSS 9.8EPSS 94.4%

Exploit

CVE-2018-7602KEV

High

A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.

DrupalEPSS 94.4%

CVE-2015-5123KEV

High

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).

AdobeEPSS 47.6%

CVE-2015-0313KEV

High

Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.

AdobeEPSS 92.8%

CVE-2015-3113KEV

High

Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.

AdobeEPSS 92.4%

CVE-2015-5122KEV

High

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).

AdobeEPSS 92.8%

CVE-2015-0311KEV

High

Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.

AdobeEPSS 92.8%

CVE-2018-20753KEV

High

Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices.

KaseyaEPSS 37.7%

CVE-2015-2502KEV

High

Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).

MicrosoftEPSS 22.6%

CVE-2014-9163KEV

High

Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.

AdobeEPSS 3.6%

45 46 47 48 49 50 51