| CVE-2021-42278 | High | MicrosoftActive Directory | Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation. | Apr 11, 2022 | KEV |
| CVE-2021-39793 | High | GooglePixel | Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege. | Apr 11, 2022 | KEV |
| CVE-2021-27852 | High | CheckboxCheckbox Survey | Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. | Apr 11, 2022 | KEV |
| CVE-2021-22600 | High | LinuxKernel | Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation. | Apr 11, 2022 | KEV |
| CVE-2020-2509 | High | QNAPQNAP Network-Attached Storage (NAS) | QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution. | Apr 11, 2022 | KEV |
| CVE-2017-11317 | High | TelerikUser Interface (UI) for ASP.NET AJAX | Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | Apr 11, 2022 | KEV |
| CVE-2021-31166 | High | MicrosoftHTTP Protocol Stack | Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution. | Apr 6, 2022 | KEV |
| CVE-2021-3156 | High | SudoSudo | Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation. | Apr 6, 2022 | KEV |
| CVE-2017-0148 | High | MicrosoftSMBv1 server | The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets. | Apr 6, 2022 | KEV |
| CVE-2022-22965 | High | VMwareSpring Framework | Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | Apr 4, 2022 | KEV |
| CVE-2022-22675 | High | ApplemacOS | macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. | Apr 4, 2022 | KEV |
| CVE-2022-22674 | High | ApplemacOS | macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. | Apr 4, 2022 | KEV |
| CVE-2021-45382 | High | D-LinkMultiple Routers | A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file. | Apr 4, 2022 | KEV |
| CVE-2022-26871 | High | Trend MicroApex Central | An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution. | Mar 31, 2022 | KEV |
| CVE-2022-1040 | High | SophosFirewall | An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution. | Mar 31, 2022 | KEV |
| CVE-2018-10562 | High | DasanGigabit Passive Optical Network (GPON) Routers | Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution. | Mar 31, 2022 | KEV |
| CVE-2018-10561 | High | DasanGigabit Passive Optical Network (GPON) Routers | Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution. | Mar 31, 2022 | KEV |
| CVE-2021-34484 | High | MicrosoftWindows | Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. | Mar 31, 2022 | KEV |
| CVE-2021-28799 | High | QNAPNetwork Attached Storage (NAS) | QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device. | Mar 31, 2022 | KEV |
| CVE-2021-21551 | High | Delldbutil Driver | Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure. | Mar 31, 2022 | KEV |