CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2021-41357	High	7.4%	MicrosoftWin32k	Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2022-26904	High	25.1%	MicrosoftWindows	Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2022-22718	High	9.3%	MicrosoftWindows	Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.	Apr 19, 2022	KEV
CVE-2022-1364(1)	High	12.4%	GoogleChromium V8	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Apr 15, 2022	KEV
CVE-2015-2502	High	22.6%	MicrosoftInternet Explorer	Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).	Apr 13, 2022	KEV
CVE-2022-24521	High	8.7%	MicrosoftWindows	Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.	Apr 13, 2022	KEV
CVE-2021-42287	High	94.0%	MicrosoftActive Directory	Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.	Apr 11, 2022	KEV
CVE-2021-42278	High	94.1%	MicrosoftActive Directory	Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.	Apr 11, 2022	KEV
CVE-2021-31166	High	93.1%	MicrosoftHTTP Protocol Stack	Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.	Apr 6, 2022	KEV
CVE-2017-0148	High	94.1%	MicrosoftSMBv1 server	The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.	Apr 6, 2022	KEV
CVE-2021-34484	High	2.4%	MicrosoftWindows	Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.	Mar 31, 2022	KEV
CVE-2015-2426	High	91.8%	MicrosoftWindows	A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.	Mar 28, 2022	KEV
CVE-2011-2005	High	67.1%	MicrosoftAncillary Function Driver (afd.sys)	afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application.	Mar 28, 2022	KEV
CVE-2022-1096(1)	High	47.3%	GoogleChromium V8	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Mar 28, 2022	KEV
CVE-2018-8406	High	50.0%	MicrosoftDirectX Graphics Kernel (DXGKRNL)	An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.	Mar 28, 2022	KEV
CVE-2016-0151	High	44.1%	MicrosoftClient-Server Run-time Subsystem (CSRSS)	The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.	Mar 28, 2022	KEV
CVE-2021-38646	High	42.7%	MicrosoftOffice	Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.	Mar 28, 2022	KEV
CVE-2018-8405	High	50.0%	MicrosoftDirectX Graphics Kernel (DXGKRNL)	An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.	Mar 28, 2022	KEV
CVE-2017-0037	High	90.8%	MicrosoftEdge and Internet Explorer	Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.	Mar 28, 2022	KEV
CVE-2016-7200	High	89.2%	MicrosoftEdge	The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.	Mar 28, 2022	KEV

CVE-2021-41357KEV

High

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 7.4%

CVE-2022-26904KEV

High

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 25.1%

CVE-2022-22718KEV

High

Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.

MicrosoftEPSS 9.3%

CVE-2022-1364KEV

High

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 12.4%

CVE-2015-2502KEV

High

Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).

MicrosoftEPSS 22.6%

CVE-2022-24521KEV

High

Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 8.7%

CVE-2021-42287KEV

High

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 94.0%

CVE-2021-42278KEV

High

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 94.1%

CVE-2021-31166KEV

High

Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.

MicrosoftEPSS 93.1%

CVE-2017-0148KEV

High

The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.

MicrosoftEPSS 94.1%

CVE-2021-34484KEV

High

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 2.4%

CVE-2015-2426KEV

High

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.

MicrosoftEPSS 91.8%

CVE-2011-2005KEV

High

afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application.

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

MicrosoftEPSS 50.0%

CVE-2016-0151KEV

High

The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.

MicrosoftEPSS 44.1%

CVE-2021-38646KEV

High

Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.

MicrosoftEPSS 42.7%

CVE-2018-8405KEV

High

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

MicrosoftEPSS 50.0%

CVE-2017-0037KEV

High

Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.

MicrosoftEPSS 90.8%

CVE-2016-7200KEV

High

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

MicrosoftEPSS 89.2%

9 10 11 12 13 14 15