| CVE-2019-3929 | High | CrestronMultiple Products | Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. | Apr 15, 2022 | KEV |
| CVE-2019-16057 | High | D-LinkDNS-320 Storage Device | The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution. | Apr 15, 2022 | KEV |
| CVE-2018-7841 | High | Schneider ElectricU.motion Builder | A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered. | Apr 15, 2022 | KEV |
| CVE-2016-4523 | High | TrihedralVTScada (formerly VTS) | The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS). | Apr 15, 2022 | KEV |
| CVE-2014-0780 | High | InduSoftWeb Studio | InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution. | Apr 15, 2022 | KEV |
| CVE-2010-5330 | High | UbiquitiAirOS | Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi. | Apr 15, 2022 | KEV |
| CVE-2007-3010 | High | AlcatelOmniPCX Enterprise | masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands. | Apr 15, 2022 | KEV |
| CVE-2022-22954 | High | VMwareWorkspace ONE Access and Identity Manager | VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection. | Apr 14, 2022 | KEV |
| CVE-2022-24521 | High | MicrosoftWindows | Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation. | Apr 13, 2022 | KEV |
| CVE-2018-7602 | High | DrupalCore | A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site. | Apr 13, 2022 | KEV |
| CVE-2018-20753 | High | KaseyaVirtual System/Server Administrator (VSA) | Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. | Apr 13, 2022 | KEV |
| CVE-2015-5123 | High | AdobeFlash Player | Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). | Apr 13, 2022 | KEV |
| CVE-2015-5122 | High | AdobeFlash Player | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). | Apr 13, 2022 | KEV |
| CVE-2015-3113 | High | AdobeFlash Player | Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code. | Apr 13, 2022 | KEV |
| CVE-2015-2502 | High | MicrosoftInternet Explorer | Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS). | Apr 13, 2022 | KEV |
| CVE-2015-0313 | High | AdobeFlash Player | Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code. | Apr 13, 2022 | KEV |
| CVE-2015-0311 | High | AdobeFlash Player | Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code. | Apr 13, 2022 | KEV |
| CVE-2014-9163 | High | AdobeFlash Player | Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely. | Apr 13, 2022 | KEV |
| CVE-2022-23176 | High | WatchGuardFirebox and XTM | WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. | Apr 11, 2022 | KEV |
| CVE-2021-42287 | High | MicrosoftActive Directory | Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation. | Apr 11, 2022 | KEV |