CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2022-1388	High 9.8	94.5%	F5BIG-IP	F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.	May 10, 2022	KEVExploit
CVE-2019-8506	High	7.7%	AppleMultiple Products	A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.	May 4, 2022	KEV
CVE-2021-1789	High	0.2%	AppleMultiple Products	A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.	May 4, 2022	KEV
CVE-2014-0160	High 7.5	94.5%	OpenSSLOpenSSL	The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.	May 4, 2022	KEVExploit
CVE-2014-0322	High	93.2%	MicrosoftInternet Explorer	Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.	May 4, 2022	KEV
CVE-2014-4113	High	82.4%	MicrosoftWin32k	Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.	May 4, 2022	KEV
CVE-2021-40450	High	7.5%	MicrosoftWin32k	Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2022-21919	High	0.3%	MicrosoftWindows	Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2022-0847	High	82.4%	LinuxKernel	Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."	Apr 25, 2022	KEV
CVE-2021-41357	High	7.4%	MicrosoftWin32k	Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2019-1003029	High	92.6%	JenkinsScript Security Plugin	Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox.	Apr 25, 2022	KEV
CVE-2022-29464	High	94.4%	WSO2Multiple Products	Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.	Apr 25, 2022	KEV
CVE-2022-26904	High	25.1%	MicrosoftWindows	Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2019-3568	High	47.4%	Meta PlatformsWhatsApp	A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.	Apr 19, 2022	KEV
CVE-2022-22718	High	9.3%	MicrosoftWindows	Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.	Apr 19, 2022	KEV
CVE-2018-6882	High	63.4%	SynacorZimbra Collaboration Suite (ZCS)	Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML.	Apr 19, 2022	KEV
CVE-2018-7841	High	52.0%	Schneider ElectricU.motion Builder	A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.	Apr 15, 2022	KEV
CVE-2022-1364(1)	High	12.4%	GoogleChromium V8	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Apr 15, 2022	KEV
CVE-2007-3010	High	94.0%	AlcatelOmniPCX Enterprise	masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.	Apr 15, 2022	KEV
CVE-2019-16057	High	93.7%	D-LinkDNS-320 Storage Device	The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.	Apr 15, 2022	KEV

CVE-2022-1388KEV

High

F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.

A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.

AppleEPSS 7.7%

CVE-2021-1789KEV

High

A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.

AppleEPSS 0.2%

CVE-2014-0160KEV

High

The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.

OpenSSLCVSS 7.5EPSS 94.5%

Exploit

CVE-2014-0322KEV

High

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.

MicrosoftEPSS 93.2%

CVE-2014-4113KEV

High

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 82.4%

CVE-2021-40450KEV

High

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 7.5%

CVE-2022-21919KEV

High

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 0.3%

CVE-2022-0847KEV

High

Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."

LinuxEPSS 82.4%

CVE-2021-41357KEV

High

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 7.4%

CVE-2019-1003029KEV

High

Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox.

JenkinsEPSS 92.6%

CVE-2022-29464KEV

High

Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.

WSO2EPSS 94.4%

CVE-2022-26904KEV

High

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 25.1%

CVE-2019-3568KEV

High

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.

Meta PlatformsEPSS 47.4%

CVE-2022-22718KEV

High

Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.

MicrosoftEPSS 9.3%

CVE-2018-6882KEV

High

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML.

SynacorEPSS 63.4%

CVE-2018-7841KEV

High

A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.

Schneider ElectricEPSS 52.0%

CVE-2022-1364KEV

High

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 12.4%

CVE-2007-3010KEV

High

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.

AlcatelEPSS 94.0%

CVE-2019-16057KEV

High

The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.

D-LinkEPSS 93.7%

45 46 47 48 49 50 51