CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2021-1789	High	0.2%	AppleMultiple Products	A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.	May 4, 2022	KEV
CVE-2022-21919	High	0.3%	MicrosoftWindows	Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2019-1003029	High	92.6%	JenkinsScript Security Plugin	Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox.	Apr 25, 2022	KEV
CVE-2021-40450	High	7.5%	MicrosoftWin32k	Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2022-26904	High	25.1%	MicrosoftWindows	Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2022-29464	High	94.4%	WSO2Multiple Products	Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.	Apr 25, 2022	KEV
CVE-2021-41357	High	7.4%	MicrosoftWin32k	Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.	Apr 25, 2022	KEV
CVE-2022-0847	High	82.4%	LinuxKernel	Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."	Apr 25, 2022	KEV
CVE-2022-22718	High	9.3%	MicrosoftWindows	Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.	Apr 19, 2022	KEV
CVE-2018-6882	High	63.4%	SynacorZimbra Collaboration Suite (ZCS)	Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML.	Apr 19, 2022	KEV
CVE-2019-3568	High	47.4%	Meta PlatformsWhatsApp	A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.	Apr 19, 2022	KEV
CVE-2019-3929	High	94.3%	CrestronMultiple Products	Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.	Apr 15, 2022	KEV
CVE-2019-16057	High	93.7%	D-LinkDNS-320 Storage Device	The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.	Apr 15, 2022	KEV
CVE-2014-0780	High	89.2%	InduSoftWeb Studio	InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.	Apr 15, 2022	KEV
CVE-2010-5330	High	47.1%	UbiquitiAirOS	Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.	Apr 15, 2022	KEV
CVE-2007-3010	High	94.0%	AlcatelOmniPCX Enterprise	masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.	Apr 15, 2022	KEV
CVE-2016-4523	High	67.0%	TrihedralVTScada (formerly VTS)	The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS).	Apr 15, 2022	KEV
CVE-2022-1364(1)	High	12.4%	GoogleChromium V8	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.	Apr 15, 2022	KEV
CVE-2022-22960	High	70.4%	VMwareMultiple Products	VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.	Apr 15, 2022	KEV
CVE-2018-7841	High	52.0%	Schneider ElectricU.motion Builder	A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.	Apr 15, 2022	KEV

CVE-2021-1789KEV

High

A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.

AppleEPSS 0.2%

CVE-2022-21919KEV

High

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 0.3%

CVE-2019-1003029KEV

High

Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox.

JenkinsEPSS 92.6%

CVE-2021-40450KEV

High

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 7.5%

CVE-2022-26904KEV

High

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 25.1%

CVE-2022-29464KEV

High

Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.

WSO2EPSS 94.4%

CVE-2021-41357KEV

High

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

MicrosoftEPSS 7.4%

CVE-2022-0847KEV

High

Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."

LinuxEPSS 82.4%

CVE-2022-22718KEV

High

Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.

MicrosoftEPSS 9.3%

CVE-2018-6882KEV

High

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML.

SynacorEPSS 63.4%

CVE-2019-3568KEV

High

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.

Meta PlatformsEPSS 47.4%

CVE-2019-3929KEV

High

Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

CrestronEPSS 94.3%

CVE-2019-16057KEV

High

The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.

D-LinkEPSS 93.7%

CVE-2014-0780KEV

High

InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.

InduSoftEPSS 89.2%

CVE-2010-5330KEV

High

Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.

UbiquitiEPSS 47.1%

CVE-2007-3010KEV

High

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.

AlcatelEPSS 94.0%

CVE-2016-4523KEV

High

The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS).

TrihedralEPSS 67.0%

CVE-2022-1364KEV

High

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

GoogleEPSS 12.4%

CVE-2022-22960KEV

High

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.

VMwareEPSS 70.4%

CVE-2018-7841KEV

High

A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.

Schneider ElectricEPSS 52.0%

77 78 79 80 81 82 83