| CVE-2019-6340 | High | DrupalCore | In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. | Mar 25, 2022 | KEV |
| CVE-2022-26318 | High | WatchGuardFirebox and XTM Appliances | On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code. | Mar 25, 2022 | KEV |
| CVE-2022-26143 | High | MitelMiCollab, MiVoice Business Express | A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system. | Mar 25, 2022 | KEV |
| CVE-2022-21999 | High | MicrosoftWindows | Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation. | Mar 25, 2022 | KEV |
| CVE-2021-22941 | High | CitrixShareFile | Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller. | Mar 25, 2022 | KEV |
| CVE-2020-9377 | High | D-LinkDIR-610 Devices | D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php. | Mar 25, 2022 | KEV |
| CVE-2020-9054 | High | ZyxelMultiple Network-Attached Storage (NAS) Devices | Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code. | Mar 25, 2022 | KEV |
| CVE-2020-7247 | High | OpenBSDOpenSMTPD | smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session. | Mar 25, 2022 | KEV |
| CVE-2020-5410 | High | VMware TanzuSpring Cloud Configuration (Config) Server | Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files. | Mar 25, 2022 | KEV |
| CVE-2020-1956 | High | ApacheKylin | Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution. | Mar 25, 2022 | KEV |
| CVE-2019-12991 | High | CitrixSD-WAN and NetScaler | Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. | Mar 25, 2022 | KEV |
| CVE-2019-12989 | High | CitrixSD-WAN and NetScaler | Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection. | Mar 25, 2022 | KEV |
| CVE-2019-11043 | High | PHPFastCGI Process Manager (FPM) | In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution. | Mar 25, 2022 | KEV |
| CVE-2019-10068 | High | KenticoXperience | Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution. | Mar 25, 2022 | KEV |
| CVE-2019-1003030 | High | JenkinsMatrix Project Plugin | Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution. | Mar 25, 2022 | KEV |
| CVE-2019-0903 | High | MicrosoftGraphics Device Interface (GDI) | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. | Mar 25, 2022 | KEV |
| CVE-2018-8414 | High | MicrosoftWindows | A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. | Mar 25, 2022 | KEV |
| CVE-2018-8373 | High | MicrosoftInternet Explorer Scripting Engine | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. | Mar 25, 2022 | KEV |
| CVE-2018-6961 | High | VMwareSD-WAN Edge | VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution. | Mar 25, 2022 | KEV |
| CVE-2018-14839 | High | LGN1A1 NAS | LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability. | Mar 25, 2022 | KEV |