CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2022-3723	High	0.5%	GoogleChromium V8	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Oct 28, 2022	KEV
CVE-2022-41033	High	1.2%	MicrosoftWindows COM+ Event System Service	Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.	Oct 11, 2022	KEV
CVE-2022-41082	High	91.7%	MicrosoftExchange Server	Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.	Sep 30, 2022	KEV
CVE-2022-41040	High	94.2%	MicrosoftExchange Server	Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.	Sep 30, 2022	KEV
CVE-2010-2568	High	92.1%	MicrosoftWindows	Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.	Sep 15, 2022	KEV
CVE-2022-37969	High	12.1%	MicrosoftWindows	Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.	Sep 14, 2022	KEV
CVE-2022-3075	High	2.1%	GoogleChromium Mojo	Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Sep 8, 2022	KEV
CVE-2022-21971	High	87.1%	MicrosoftWindows	Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.	Aug 18, 2022	KEV
CVE-2022-26923	High	91.4%	MicrosoftActive Directory	An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.	Aug 18, 2022	KEV
CVE-2022-2856	High	5.1%	GoogleChromium Intents	Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Aug 18, 2022	KEV
CVE-2022-34713	High	4.5%	MicrosoftWindows	A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.	Aug 9, 2022	KEV
CVE-2022-22047	High	1.3%	MicrosoftWindows	Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges.	Jul 12, 2022	KEV
CVE-2022-26925	High	37.4%	MicrosoftWindows	Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.	Jul 1, 2022	KEV
CVE-2021-30533	High	10.5%	GoogleChromium PopupBlocker	Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to bypass navigation restrictions via a crafted iframe. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Jun 27, 2022	KEV
CVE-2022-30190	High	93.5%	MicrosoftWindows	A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.	Jun 14, 2022	KEV
CVE-2010-2572	High	74.7%	MicrosoftPowerPoint	Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.	Jun 8, 2022	KEV
CVE-2019-5825	High	73.7%	GoogleChromium V8	Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Jun 8, 2022	KEV
CVE-2012-0151	High	89.0%	MicrosoftWindows	The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.	Jun 8, 2022	KEV
CVE-2016-1646	High	66.5%	GoogleChromium V8	Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Jun 8, 2022	KEV
CVE-2012-1889	High	92.9%	MicrosoftXML Core Services	Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.	Jun 8, 2022	KEV

CVE-2022-3723KEV

High

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 0.5%

CVE-2022-41033KEV

High

Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 1.2%

CVE-2022-41082KEV

High

Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.

MicrosoftEPSS 91.7%

CVE-2022-41040KEV

High

Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.

MicrosoftEPSS 94.2%

CVE-2010-2568KEV

High

Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.

MicrosoftEPSS 92.1%

CVE-2022-37969KEV

High

Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 12.1%

CVE-2022-3075KEV

High

Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 2.1%

CVE-2022-21971KEV

High

Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.

MicrosoftEPSS 87.1%

CVE-2022-26923KEV

High

An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.

MicrosoftEPSS 91.4%

CVE-2022-2856KEV

High

Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 5.1%

CVE-2022-34713KEV

High

A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.

MicrosoftEPSS 4.5%

CVE-2022-22047KEV

High

Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges.

MicrosoftEPSS 1.3%

CVE-2022-26925KEV

High

Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.

MicrosoftEPSS 37.4%

CVE-2021-30533KEV

High

Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to bypass navigation restrictions via a crafted iframe. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 10.5%

CVE-2022-30190KEV

High

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.

MicrosoftEPSS 93.5%

CVE-2010-2572KEV

High

Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.

MicrosoftEPSS 74.7%

CVE-2019-5825KEV

High

Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 73.7%

CVE-2012-0151KEV

High

The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.

MicrosoftEPSS 89.0%

CVE-2016-1646KEV

High

Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 66.5%

CVE-2012-1889KEV

High

Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.

MicrosoftEPSS 92.9%

5 6 7 8 9 10 11