| CVE-2022-1388 | High | F5BIG-IP | F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services. | May 10, 2022 | KEV |
| CVE-2021-1789 | High | AppleMultiple Products | A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. | May 4, 2022 | KEV |
| CVE-2019-8506 | High | AppleMultiple Products | A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. | May 4, 2022 | KEV |
| CVE-2014-4113 | High | MicrosoftWin32k | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | May 4, 2022 | KEV |
| CVE-2014-0322 | High | MicrosoftInternet Explorer | Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code. | May 4, 2022 | KEV |
| CVE-2014-0160 | High | OpenSSLOpenSSL | The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information. | May 4, 2022 | KEV |
| CVE-2022-29464 | High | WSO2Multiple Products | Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution. | Apr 25, 2022 | KEV |
| CVE-2022-26904 | High | MicrosoftWindows | Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. | Apr 25, 2022 | KEV |
| CVE-2022-21919 | High | MicrosoftWindows | Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. | Apr 25, 2022 | KEV |
| CVE-2022-0847 | High | LinuxKernel | Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe." | Apr 25, 2022 | KEV |
| CVE-2021-41357 | High | MicrosoftWin32k | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | Apr 25, 2022 | KEV |
| CVE-2021-40450 | High | MicrosoftWin32k | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | Apr 25, 2022 | KEV |
| CVE-2019-1003029 | High | JenkinsScript Security Plugin | Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox. | Apr 25, 2022 | KEV |
| CVE-2022-22718 | High | MicrosoftWindows | Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation. | Apr 19, 2022 | KEV |
| CVE-2018-6882 | High | SynacorZimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML. | Apr 19, 2022 | KEV |
| CVE-2019-3568 | High | Meta PlatformsWhatsApp | A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. | Apr 19, 2022 | KEV |
| CVE-2022-22960 | High | VMwareMultiple Products | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. | Apr 15, 2022 | KEV |
| CVE-2022-1364 | High | GoogleChromium V8 | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Apr 15, 2022 | KEV |
| CVE-2019-3929 | High | CrestronMultiple Products | Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. | Apr 15, 2022 | KEV |
| CVE-2019-16057 | High | D-LinkDNS-320 Storage Device | The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution. | Apr 15, 2022 | KEV |