| CVE-2018-8405 | High | MicrosoftDirectX Graphics Kernel (DXGKRNL) | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. | Mar 28, 2022 | KEV |
| CVE-2017-0213 | High | MicrosoftWindows | Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application. | Mar 28, 2022 | KEV |
| CVE-2017-0059 | High | MicrosoftInternet Explorer | Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site. | Mar 28, 2022 | KEV |
| CVE-2017-0037 | High | MicrosoftEdge and Internet Explorer | Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution. | Mar 28, 2022 | KEV |
| CVE-2016-7201 | High | MicrosoftEdge | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | Mar 28, 2022 | KEV |
| CVE-2016-7200 | High | MicrosoftEdge | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | Mar 28, 2022 | KEV |
| CVE-2016-0189 | High | MicrosoftInternet Explorer | The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | Mar 28, 2022 | KEV |
| CVE-2016-0151 | High | MicrosoftClient-Server Run-time Subsystem (CSRSS) | The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application. | Mar 28, 2022 | KEV |
| CVE-2016-0040 | High | MicrosoftWindows | The kernel in Microsoft Windows allows local users to gain privileges via a crafted application. | Mar 28, 2022 | KEV |
| CVE-2012-5076 | High | OracleJava SE | The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. | Mar 28, 2022 | KEV |
| CVE-2016-11021 | High | D-LinkDCS-930L Devices | setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command. | Mar 25, 2022 | KEV |
| CVE-2016-0752 | High | RailsRuby on Rails | Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files. | Mar 25, 2022 | KEV |
| CVE-2015-4068 | High | ArcserveUnified Data Protection (UDP) | Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service. | Mar 25, 2022 | KEV |
| CVE-2015-1427 | High | ElasticElasticsearch | The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands. | Mar 25, 2022 | KEV |
| CVE-2009-2055 | High | CiscoIOS XR | Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS). | Mar 25, 2022 | KEV |
| CVE-2021-42237 | High | SitecoreXP | Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution. | Mar 25, 2022 | KEV |
| CVE-2020-25223 | High | SophosSG UTM | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM. | Mar 25, 2022 | KEV |
| CVE-2020-2506 | High | QNAP SystemsHelpdesk | QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information. | Mar 25, 2022 | KEV |
| CVE-2020-2021 | High | Palo Alto NetworksPAN-OS | Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication. | Mar 25, 2022 | KEV |
| CVE-2020-1631 | High | JuniperJunos OS | A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution. | Mar 25, 2022 | KEV |