CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2010-5330	High	47.1%	UbiquitiAirOS	Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.	Apr 15, 2022	KEV
CVE-2022-22960	High	70.4%	VMwareMultiple Products	VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.	Apr 15, 2022	KEV
CVE-2014-0780	High	89.2%	InduSoftWeb Studio	InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.	Apr 15, 2022	KEV
CVE-2019-3929	High	94.3%	CrestronMultiple Products	Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.	Apr 15, 2022	KEV
CVE-2016-4523	High	67.0%	TrihedralVTScada (formerly VTS)	The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS).	Apr 15, 2022	KEV
CVE-2022-22954	High 9.8	94.4%	VMwareWorkspace ONE Access and Identity Manager	VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.	Apr 14, 2022	KEVExploit
CVE-2014-9163	High	3.6%	AdobeFlash Player	Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.	Apr 13, 2022	KEV
CVE-2015-5123	High	47.6%	AdobeFlash Player	Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).	Apr 13, 2022	KEV
CVE-2018-7602	High	94.4%	DrupalCore	A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.	Apr 13, 2022	KEV
CVE-2015-3113	High	92.4%	AdobeFlash Player	Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.	Apr 13, 2022	KEV
CVE-2018-20753	High	37.7%	KaseyaVirtual System/Server Administrator (VSA)	Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices.	Apr 13, 2022	KEV
CVE-2015-0313	High	92.8%	AdobeFlash Player	Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.	Apr 13, 2022	KEV
CVE-2015-2502	High	22.6%	MicrosoftInternet Explorer	Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).	Apr 13, 2022	KEV
CVE-2015-5122	High	92.8%	AdobeFlash Player	Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).	Apr 13, 2022	KEV
CVE-2022-24521	High	8.7%	MicrosoftWindows	Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.	Apr 13, 2022	KEV
CVE-2015-0311	High	92.8%	AdobeFlash Player	Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.	Apr 13, 2022	KEV
CVE-2021-42287	High	94.0%	MicrosoftActive Directory	Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.	Apr 11, 2022	KEV
CVE-2021-42278	High	94.1%	MicrosoftActive Directory	Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.	Apr 11, 2022	KEV
CVE-2022-23176	High	9.6%	WatchGuardFirebox and XTM	WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.	Apr 11, 2022	KEV
CVE-2017-11317	High	92.0%	TelerikUser Interface (UI) for ASP.NET AJAX	Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.	Apr 11, 2022	KEV

CVE-2010-5330KEV

High

Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.

UbiquitiEPSS 47.1%

CVE-2022-22960KEV

High

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.

VMwareEPSS 70.4%

CVE-2014-0780KEV

High

InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.

InduSoftEPSS 89.2%

CVE-2019-3929KEV

High

Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

CrestronEPSS 94.3%

CVE-2016-4523KEV

High

The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS).

TrihedralEPSS 67.0%

CVE-2022-22954KEV

High

VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.

VMwareCVSS 9.8EPSS 94.4%

Exploit

CVE-2014-9163KEV

High

Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.

AdobeEPSS 3.6%

CVE-2015-5123KEV

High

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).

AdobeEPSS 47.6%

CVE-2018-7602KEV

High

A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.

DrupalEPSS 94.4%

CVE-2015-3113KEV

High

Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.

AdobeEPSS 92.4%

CVE-2018-20753KEV

High

Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices.

KaseyaEPSS 37.7%

CVE-2015-0313KEV

High

Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.

AdobeEPSS 92.8%

CVE-2015-2502KEV

High

Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).

MicrosoftEPSS 22.6%

CVE-2015-5122KEV

High

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).

AdobeEPSS 92.8%

CVE-2022-24521KEV

High

Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 8.7%

CVE-2015-0311KEV

High

Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.

AdobeEPSS 92.8%

CVE-2021-42287KEV

High

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 94.0%

CVE-2021-42278KEV

High

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 94.1%

CVE-2022-23176KEV

High

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.

WatchGuardEPSS 9.6%

CVE-2017-11317KEV

High

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

TelerikEPSS 92.0%

46 47 48 49 50 51 52