| CVE-2017-12149 | High | Red HatJBoss Application Server | The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data. | Dec 10, 2021 | KEV |
| CVE-2010-1871 | High | Red HatJBoss Seam 2 | JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured. | Dec 10, 2021 | KEV |
| CVE-2020-17463 | High | Fuel CMSFuel CMS | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. | Dec 10, 2021 | KEV |
| CVE-2020-8816 | High | Pi-holeAdminLTE | Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | Dec 10, 2021 | KEV |
| CVE-2019-10758 | High | MongoDBmongo-express | mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. | Dec 10, 2021 | KEV |
| CVE-2021-44228 | High | ApacheLog4j2 | Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution. | Dec 10, 2021 | KEV |
| CVE-2021-37415 | High | ZohoManageEngine ServiceDesk Plus (SDP) | Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication | Dec 1, 2021 | KEV |
| CVE-2021-40438 | High | ApacheApache | A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | Dec 1, 2021 | KEV |
| CVE-2021-44077 | High | ZohoManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus | Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution | Dec 1, 2021 | KEV |
| CVE-2020-11261 | High | QualcommSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | Dec 1, 2021 | KEV |
| CVE-2018-14847 | High | MikroTikRouterOS | MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. | Dec 1, 2021 | KEV |
| CVE-2021-40449 | High | MicrosoftWindows | Unspecified vulnerability allows for an authenticated user to escalate privileges. | Nov 17, 2021 | KEV |
| CVE-2021-42321 | High | MicrosoftExchange | An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution. | Nov 17, 2021 | KEV |
| CVE-2021-42292 | High | MicrosoftOffice | A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution. | Nov 17, 2021 | KEV |
| CVE-2021-22204 | High | PerlExiftool | Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image | Nov 17, 2021 | KEV |
| CVE-2021-34523 | High | MicrosoftExchange Server | Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. | Nov 3, 2021 | KEV |
| CVE-2020-25506 | High | D-LinkDNS-320 Device | D-Link DNS-320 device contains a command injection vulnerability in the sytem_mgr.cgi component that may allow for remote code execution. | Nov 3, 2021 | KEV |
| CVE-2018-15811 | High | DotNetNuke (DNN)DotNetNuke (DNN) | DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. | Nov 3, 2021 | KEV |
| CVE-2018-18325 | High | DotNetNuke (DNN)DotNetNuke (DNN) | DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811. | Nov 3, 2021 | KEV |
| CVE-2017-9822 | High | DotNetNuke (DNN)DotNetNuke (DNN) | DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization. | Nov 3, 2021 | KEV |