| CVE-2021-36260 | High | Hikvision Security cameras web server | A command injection vulnerability in the web server of some Hikvision products, due to insufficient input validation. | Jan 10, 2022 | KEV |
| CVE-2020-6572 | High | Google Chrome Media | Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page. | Jan 10, 2022 | KEV |
| CVE-2019-1458 | High | Microsoft Win32k | A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP'. | Jan 10, 2022 | KEV |
| CVE-2013-3900 | High | Microsoft WinVerifyTrust function | A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files. | Jan 10, 2022 | KEV |
| CVE-2019-2725 | High | Oracle WebLogic Server | Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | Jan 10, 2022 | KEV |
| CVE-2019-9670 | High | Synacor Zimbra Collaboration Suite (ZCS) | Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component. | Jan 10, 2022 | KEV |
| CVE-2018-13382 | High | Fortinet FortiOS and FortiProxy | An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password. | Jan 10, 2022 | KEV |
| CVE-2019-1579 | High | Palo Alto Networks PAN-OS | Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled. | Jan 10, 2022 | KEV |
| CVE-2019-10149 | High | Exim Mail Transfer Agent (MTA) | Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. | Jan 10, 2022 | KEV |
| CVE-2015-7450 | High | IBM WebSphere Application Server and Server Hypervisor Edition | Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands. | Jan 10, 2022 | KEV |
| CVE-2021-27860 | High | FatPipe WARP, IPVPN, and MPVPN software | A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. | Jan 10, 2022 | KEV |
| CVE-2021-43890 | High | Microsoft Windows | Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impact on confidentiality, integrity, and availability. | Dec 15, 2021 | KEV |
| CVE-2021-4102 | High | Google Chromium V8 | Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Dec 15, 2021 | KEV |
| CVE-2019-13272 | High | Linux Kernel | kernel/ptrace.c in the Linux kernel contains an improper privilege management vulnerability that allows local users to obtain root access. | Dec 10, 2021 | KEV |
| CVE-2021-35394 | High | Realtek Jungle Software Development Kit (SDK) | RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution. | Dec 10, 2021 | KEV |
| CVE-2019-7238 | High | Sonatype Nexus Repository Manager | Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution. | Dec 10, 2021 | KEV |
| CVE-2019-0193 | High | Apache Solr | The optional Apache Solr module DataImportHandler contains a code injection vulnerability. | Dec 10, 2021 | KEV |
| CVE-2021-44168 | High | Fortinet FortiOS | Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files. | Dec 10, 2021 | KEV |
| CVE-2021-44515 | High | Zoho Desktop Central | Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server. | Dec 10, 2021 | KEV |
| CVE-2017-17562 | High | Embedthis GoAhead | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. | Dec 10, 2021 | KEV |