| CVE-2012-0391 | High | Apache Struts 2 | The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution. | Jan 21, 2022 | KEV |
| CVE-2018-8453 | High | Microsoft Win32k | Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges. | Jan 21, 2022 | KEV |
| CVE-2021-35247 | High | SolarWinds Serv-U | SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization. | Jan 21, 2022 | KEV |
| CVE-2021-25298 | High | Nagios Nagios XI | Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. | Jan 18, 2022 | KEV |
| CVE-2021-21315 | High | Npm package System Information Library for Node.JS | In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote. | Jan 18, 2022 | KEV |
| CVE-2021-22991 | High | F5 BIG-IP Traffic Management Microkernel | The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls. | Jan 18, 2022 | KEV |
| CVE-2020-14864 | High | Oracle Intelligence Enterprise Edition | Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file. | Jan 18, 2022 | KEV |
| CVE-2020-11978 | High | Apache Airflow | A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow. | Jan 18, 2022 | KEV |
| CVE-2021-32648 | High | October CMS October CMS | In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. | Jan 18, 2022 | KEV |
| CVE-2021-25296 | High | Nagios Nagios XI | Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. | Jan 18, 2022 | KEV |
| CVE-2021-25297 | High | Nagios Nagios XI | Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. | Jan 18, 2022 | KEV |
| CVE-2021-40870 | High | Aviatrix Aviatrix Controller | Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. | Jan 18, 2022 | KEV |
| CVE-2021-33766 | High | Microsoft Exchange Server | Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target. | Jan 18, 2022 | KEV |
| CVE-2021-21975 | High | VMware vRealize Operations Manager API | Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials. | Jan 18, 2022 | KEV |
| CVE-2020-13671 | High | Drupal Drupal core | Improper sanitization in the extension file names is present in Drupal core. | Jan 18, 2022 | KEV |
| CVE-2020-13927 | High | Apache Airflow's Experimental API | The previous default setting for Airflow's Experimental API was to allow all API requests without authentication. | Jan 18, 2022 | KEV |
| CVE-2019-7609 | High | Elastic Kibana | Kibana contains an arbitrary code execution flaw in the Timelion visualizer. | Jan 10, 2022 | KEV |
| CVE-2017-1000486 | High | Primetek Primefaces Application | Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution. | Jan 10, 2022 | KEV |
| CVE-2018-13383 | High | Fortinet FortiOS and FortiProxy | A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users. | Jan 10, 2022 | KEV |
| CVE-2021-22017 | High | VMware vCenter Server | Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. | Jan 10, 2022 | KEV |