Critical Vulnerabilities

SOCRadar, an extended cyber threat intelligence (XTI) platform, provides vulnerability intelligence that lets security operations teams search for recently disclosed critical vulnerabilities that threat actors are exploiting in the wild. SOCRadar also offers an External Attack Surface Management suite that helps security teams identify vulnerable assets on their internet-facing network. The tables below list the critical vulnerabilities we selected because they are being actively discussed in the hacker community.

Get free access to SOCRadar XTI to start using vulnerability intelligence now.

| Vulnerability | CVSSv3 | Release Date | Products | References |
|---|---|---|---|---|
| Cisco SD-WAN CLI path traversal | 8.1 | Oct 1, 2022 | Cisco SD-WAN CLI | Link |
| Cisco SD-WAN CLI path traversal | 8.1 | Oct 1, 2022 | Cisco SD-WAN CLI | Link |
| Veritas NetBackup NBFSMCLIENT Service sql injection | 8.1 | Oct 3, 2022 | Veritas NetBackup | Link |
| Axiomatic Bento4 mp4mux ReadBit out-of-bounds write | 7.5 | Oct 3, 2022 | Axiomatic Bento4 | Link |
| Aruba InstantOS/ArubaOS PAPI Protocol buffer overflow | 9.4 | Oct 5, 2022 | Aruba InstantOS | Link |
| BD Totalys MultiProcessor hard-coded credentials | 7.7 | Oct 5, 2022 | BD Totalys | Link |
| Cisco TelePresence CE Version Control unknown vulnerability | 8.4 | Oct 6, 2022 | Cisco TelePresence | Link |
| Generex CS141 Web Interface gxserve-update.sh run_update Privilege Escalation | 8.0 | Oct 6, 2022 | Generex CS141 | Link |
| Fortinet FortiOS/FortiProxy Administrative Interface improper authorization | 9.4 | Oct 7, 2022 | Fortinet FortiOS | Link |
| ToolJet Invite privileges management | 8.4 | Oct 7, 2022 | ToolJet | Link |
| Panini Everest Engine Everest.exe untrusted search path | 8.5 | Oct 8, 2022 | Panini Everest | Link |
| Trend Micro Apex One Security Agent certificate validation | 8.4 | Oct 8, 2022 | Trend Micro | Link |
| puppetlabs-apt os command injection | 7.6 | Oct 8, 2022 | puppetlabs-apt | Link |
| puppetlabs-mysql os command injection | 7.6 | Oct 8, 2022 | puppetlabs-mysql | Link |
| Fortinet FortiOS CLI Command os command injection | 8.9 | Oct 10, 2022 | Fortinet FortiOS | Link |
| Dell Container Storage Modules goiscsi/gobrick os command injection | 9.8 | Oct 11, 2022 | Dell Container | Link |
| Dell Container Storage Modules goiscsi/gobrick os command injection | 8.8 | Oct 11, 2022 | Dell Container | Link |
| Microsoft Windows Local Security Authority Privilege Escalation | 8.2 | Oct 11, 2022 | Microsoft Windows Local Security | Link |
| Microsoft Windows ODBC Driver Remote Code Execution | 7.7 | Oct 11, 2022 | Microsoft Windows ODBC | Link |
| Microsoft Windows Server Service Privilege Escalation | 7.7 | Oct 11, 2022 | Microsoft Windows Server | Link |
| Array Networks ArrayOS command injection | 8.4 | Oct 13, 2022 | Array Networks | Link |
| Dell GeoDrive unquoted search path | 7.6 | Oct 13, 2022 | Dell GeoDrive | Link |
| PerFact OpenVPN Client Config Command unknown vulnerability | 8.6 | Oct 14, 2022 | PerFact OpenVPN | Link |
| Huawei HarmonyOS MPTCP Module out-of-bounds write | 7.8 | Oct 14, 2022 | Huawei HarmonyOS | Link |
| Google Android HTBLogKM out-of-bounds write | 7.5 | Oct 14, 2022 | Google Android | Link |
| Adobe ColdFusion stack-based overflow | 8.4 | Oct 15, 2022 | Adobe | Link |
| Adobe ColdFusion heap-based overflow | 8.4 | Oct 15, 2022 | Adobe | Link |
| OpenHarmony Startup Subsystem improper authentication | 8.1 | Oct 15, 2022 | OpenHarmony | Link |
| Fortinet FortiTester Telnet Login os command injection | 9.8 | Oct 18, 2022 | Fortinet FortiTester | Link |
| Fortinet FortiTester SSH Login os command injection | 9.8 | Oct 18, 2022 | Fortinet | Link |
| D-Link Router lighttpd stack-based overflow | 9.4 | Oct 18, 2022 | D-Link | Link |
| D-Link DIR-2150 xupnpd command injection | 9.4 | Oct 18, 2022 | D-Link | Link |
| D-Link DIR-2150 xupnpd_generic command injection | 9.4 | Oct 18, 2022 | D-Link | Link |
| Windscribe uncontrolled search path | 8.4 | Oct 18, 2022 | Windscribe | Link |
| Linux Kernel nft_object use after free | 8.4 | Oct 18, 2022 | Linux Kernel | Link |
| D-Link DIR-2150 xupnpd ui_upload command injection | 8.4 | Oct 18, 2022 | D-Link | Link |
| D-Link DIR-2150 anweb websocket_data_handler stack-based overflow | 8.4 | Oct 18, 2022 | D-Link | Link |
| AVEVA Edge uncontrolled search path | 8.4 | Oct 18, 2022 | AVEVA | Link |
| AVEVA Edge SetBytesToManagedControl deserialization | 8.4 | Oct 18, 2022 | AVEVA | Link |
| OPC Labs QuickOPC deserialization | 8.4 | Oct 18, 2022 | OPC | Link |
| Apple macOS Remote Event memory corruption | 7.7 | Oct 18, 2022 | Apple macOS | Link |
| D-Link DIR-2150 anweb action_handler stack-based overflow | 7.6 | Oct 18, 2022 | D-Link | Link |
| Qualcomm Snapdragon Auto WLAN memory corruption | 9.6 | Oct 19, 2022 | Qualcomm | Link |
| Qualcomm Snapdragon Auto WLAN integer overflow | 9.6 | Oct 19, 2022 | Qualcomm | Link |
| Qualcomm Snapdragon Mobile Multimedia use after free | 7.9 | Oct 19, 2022 | Qualcomm | Link |
| Qualcomm Snapdragon Mobile BTHOST memory corruption | 7.9 | Oct 19, 2022 | Qualcomm | Link |
| Qualcomm Snapdragon Auto Automotive Multimedia memory corruption | 7.9 | Oct 19, 2022 | Qualcomm | Link |
| Qualcomm Snapdragon Auto Metadata memory corruption | 7.9 | Oct 19, 2022 | Qualcomm | Link |
| Nginx Plus ngx_http_hls_module out-of-bounds write | 7.7 | Oct 20, 2022 | Nginx | Link |
| ORing IAP-420 Telnet Server hard-coded credentials | 9.2 | Oct 21, 2022 | ORing | Link |
| Linux Kernel API io_uring Privilege Escalation | 8.4 | Oct 21, 2022 | Linux | Link |
| Aethon TUG Home Base Server authorization | 7.6 | Oct 21, 2022 | Aethon | Link |
| Aethon TUG Home Base Server channel accessible | 7.6 | Oct 21, 2022 | Aethon | Link |
| Aethon TUG Home Base Server authorization | 7.6 | Oct 21, 2022 | Aethon | Link |
| Lanner IAC-AST2500A spx_restservice Login_handler_func out-of-bounds write | 9.9 | Oct 24, 2022 | Lanner | Link |
| Lanner IAC-AST2500A spx_restservice SubNet_handler_func out-of-bounds write | 9.9 | Oct 24, 2022 | Lanner | Link |
| Lanner IAC-AST2500A spx_restservice KillDupUsr_func out-of-bounds write | 9.8 | Oct 24, 2022 | Lanner | Link |
| Lanner IAC-AST2500A spx_restservice Login_handler_func stack-based overflow | 9.8 | Oct 24, 2022 | Lanner | Link |
| Lanner IAC-AST2500A spx_restservice modifyUserb_func stack-based overflow | 9.4 | Oct 24, 2022 | Lanner | Link |
| Apache Heron Log injection | 8.4 | Oct 24, 2022 | Apache | Link |
| pikepdf PDF XMP Metadata Parser xml external entity reference | 8.4 | Oct 24, 2022 | pikepdf | Link |
| Sony Content Transfer untrusted search path | 8.2 | Oct 24, 2022 | Sony | Link |
| Lanner IAC-AST2500A session fixation | 7.6 | Oct 24, 2022 | Lanner | Link |
| Abode iota All-In-One Security Kit XCMD stack-based overflow | 9.7 | Oct 25, 2022 | Abode | Link |
| Abode iota All-In-One Security Kit Telnet hard-coded credentials | 9.6 | Oct 25, 2022 | Abode | Link |
| Abode iota All-In-One Security Kit XCMD getVarHA format string | 8.4 | Oct 25, 2022 | Abode | Link |
| Dataease MySQL Connection Parameter JdbcProvider.java deserialization | 8.4 | Oct 25, 2022 | Dataease MySQL | Link |
| Abode iota All-In-One Security Kit HTTP Request wirelessConnect os command injection | 8.0 | Oct 25, 2022 | Abode | Link |
| Microsoft Azure CLI code injection | 7.7 | Oct 25, 2022 | Microsoft Azure | Link |
| Abode iota All-In-One Security Kit XCMD ghome_process_control_packet format string | 7.6 | Oct 25, 2022 | Abode | Link |
| Abode iota All-In-One Security Kit XCMD testWifiAP format string | 7.6 | Oct 25, 2022 | Abode | Link |
| Socket.io JS Library Attachment Parser sql injection | 8.5 | Oct 26, 2022 | Socket.io | Link |
| OX Software OX App Suite Ghostscript os command injection | 8.4 | Oct 26, 2022 | OX Software | Link |
| Zalando Skipper server-side request forgery | 7.9 | Oct 26, 2022 | Zalando | Link |
| Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation pathname traversal | 9.4 | Oct 27, 2022 | Delta Electronics | Link |
| Delta Electronics InfraSuite Device Master ExeCommandInCommandLineMode improper authentication | 9.4 | Oct 27, 2022 | Delta Electronics | Link |
| Delta Electronics InfraSuite Device Master CheckLoadingStartupConfig pathname traversal | 9.4 | Oct 27, 2022 | Delta Electronics | Link |
| Delta Electronics InfraSuite Device Master Device-Gateway Service deserialization | 9.4 | Oct 27, 2022 | Delta Electronics | Link |
| Delta Electronics InfraSuite Device Master AddNewUser improper authentication | 9.4 | Oct 27, 2022 | Delta Electronics | Link |
| Delta Electronics InfraSuite Device Master Device-DataCollect Service deserialization | 9.0 | Oct 27, 2022 | Delta Electronics | Link |
| Delta Electronics InfraSuite Device Master DeSerializeBinary deserialization | 8.4 | Oct 27, 2022 | Delta Electronics | Link |
| Delta Electronics InfraSuite Device Master ModifyPrivByID improper authentication | 8.4 | Oct 27, 2022 | Delta Electronics | Link |
| Pimcore Twig Template code injection | 8.4 | Oct 27, 2022 | Pimcore | Link |
| OpenBMC bmcweb multipart_parser heap-based overflow | 7.7 | Oct 27, 2022 | OpenBMC | Link |
| OpenBMC bmcweb HTTP Header multipart_parser memory corruption | 7.7 | Oct 27, 2022 | OpenBMC | Link |

| Vulnerability | CVSSv3 | Release Date | Products | References |
|---|---|---|---|---|
| AutomationDirect DirectLOGIC Installation uncontrolled search path | 8.1 | Sep 1, 2022 | AutomationDirect | Link |
| Contiki-NG IPv6 Packet uipbuf.c uipbuf_get_next_header buffer overflow | 7.7 | Sep 1, 2022 | Contiki-NG | Link |
| Qualcomm Snapdragon Connectivity/Snapdragon Mobile Bluetooth Host stack-based overflow | 8.4 | Sep 2, 2022 | Qualcomm | Link |
| Qualcomm Snapdragon Auto IO Space xPUs permission | 8.2 | Sep 2, 2022 | Qualcomm | Link |
| Qualcomm Snapdragon Auto Multimedia memory corruption | 7.9 | Sep 2, 2022 | Qualcomm | Link |
| Qualcomm Snapdragon Auto DSP Service out-of-bounds write | 7.9 | Sep 2, 2022 | Qualcomm | Link |
| Qualcomm Snapdragon Connectivity ELF Header memory corruption | 7.9 | Sep 2, 2022 | Qualcomm | Link |
| Qualcomm Snapdragon Auto Video File Parser out-of-bounds | 7.9 | Sep 2, 2022 | Qualcomm | Link |
| Qualcomm Snapdragon Auto PCM Routing Process memory corruption | 7.9 | Sep 2, 2022 | Qualcomm | Link |
| Qualcomm Snapdragon Consumer IOT Graphic Driver use after free | 7.9 | Sep 2, 2022 | Qualcomm | Link |
| Qualcomm Snapdragon Auto Multimedia Driver memory corruption | 7.9 | Sep 2, 2022 | Qualcomm | Link |
| Qualcomm Snapdragon Auto Multimedia memory corruption | 7.9 | Sep 2, 2022 | Qualcomm | Link |
| Qualcomm Snapdragon Auto RPMB cryptographic issues | 7.6 | Sep 2, 2022 | Qualcomm | Link |
| Qualcomm Snapdragon Auto APR Routing Table memory corruption | 7.6 | Sep 2, 2022 | Qualcomm | Link |
| SFTPGo Two-factor Authentication improper authentication | 7.6 | Sep 2, 2022 | SFTPGo | Link |
| ZyXEL NAS326/NAS540/NAS542 UDP Packet format string | 9.6 | Sep 6, 2022 | ZyXEL | Link |
| BitDefender GravityZone Console On-Premise Message deserialization | 8.6 | Sep 6, 2022 | BitDefender | Link |
| Indy Node pool-upgrade Request improper authentication | 7.9 | Sep 6, 2022 | Indy | Link |
| Outbyte PC Repair Installation File iertutil.dll uncontrolled search path | 8.5 | Sep 7, 2022 | Outbyte PC Repair | Link |
| ActivityWatch authentication spoofing | 7.9 | Sep 7, 2022 | ActivityWatch | Link |
| phpfusion unverified password change | 7.8 | Sep 7, 2022 | phpfusion | Link |
| QNAP QTS Photo Station external reference | 9.7 | Sep 8, 2022 | QNAP QTS | Link |
| ikus060 rdiffweb improper restriction of rendered ui layers | 8.0 | Sep 9, 2022 | ikus060 | Link |
| Wiki UI Main Wiki code injection | 7.9 | Sep 9, 2022 | Wiki UI Main | Link |
| XWiki Platform Applications Tag code injection | 7.9 | Sep 9, 2022 | XWiki | Link |
| cruddl Schema special elements in data query logic | 7.9 | Sep 9, 2022 | cruddl | Link |
| Fortinet FortiSOAR HTTP GET Request os command injection | 7.8 | Sep 9, 2022 | Fortinet | Link |
| XWiki Platform Web Templates Email Verification authentication bypass | 7.7 | Sep 9, 2022 | XWiki | Link |
| MZ Automation libIEC61850 memcpy stack-based overflow | 9.4 | Sep 10, 2022 | MZ Automation libIEC61850 | Link |
| MZ Automation libIEC61850 stack-based overflow | 9.4 | Sep 10, 2022 | MZ Automation libIEC61850 | Link |
| Microsoft Windows Enterprise App Management Service Privilege Escalation | 7.8 | Sep 13, 2022 | Microsoft Windows | Link |
| Microsoft Windows ODBC Driver Remote Code Execution | 7.7 | Sep 13, 2022 | Microsoft Windows | Link |
| Microsoft Windows OLE DB Provider for SQL Server Remote Code Execution | 7.7 | Sep 13, 2022 | Microsoft Windows | Link |
| Microsoft Dynamics CRM Privilege Escalation | 7.7 | Sep 13, 2022 | Microsoft Windows | Link |
| Microsoft SharePoint Server Privilege Escalation | 7.7 | Sep 13, 2022 | Microsoft Windows | Link |
| Onedev Docker Socket docker.sock external reference | 9.1 | Sep 14, 2022 | Onedev Docker | Link |
| Crestron AirMedia Installation permission | 8.8 | Sep 14, 2022 | Crestron AirMedia | Link |
| ionicabizau parse-url server-side request forgery | 8.0 | Sep 14, 2022 | ionicabizau | Link |
| EZVIZ CS-CV248 Motion Detection stack-based overflow | 9.1 | Sep 15, 2022 | EZVIZ CS-CV248 | Link |
| ionicabizau parse-url interpretation input | 8.2 | Sep 15, 2022 | ionicabizau | Link |
| Qualcomm Snapdragon Connectivity/Snapdragon Mobile WLAN Key Parser memory corruption | 9.6 | Sep 16, 2022 | Qualcomm Snapdragon | Link |
| Zoom On-Premise Meeting Connector MMR access control | 7.6 | Sep 17, 2022 | Zoom | Link |
| Suprema Bio Star PUT Request access control | 8.8 | Sep 20, 2022 | Suprema Bio | Link |
| Kayrasoft sql injection | 8.2 | Sep 20, 2022 | Kayrasoft | Link |
| ForgeRock IDM/Java Remote Connector Server LDAP Connector access control | 7.6 | Sep 20, 2022 | ForgeRock | Link |
| Aruba ClearPass Policy Manager OnGuard Agent Privilege Escalation | 8.8 | Sep 21, 2022 | Aruba ClearPass | Link |
| UI Desktop access control | 8.8 | Sep 23, 2022 | UI Desktop | Link |
| Sophos Firewall User Portal/Webadmin code injection | 8.5 | Sep 23, 2022 | Sophos Firewall | Link |
| FFmpeg build_open_gop_key_points heap-based overflow | 7.5 | Sep 23, 2022 | FFmpeg | Link |
| Grandstream GSD3710 strcopy stack-based overflow | 9.3 | Sep 24, 2022 | Grandstream | Link |
| Measuresoft ScadaPro Server access control | 8.2 | Sep 24, 2022 | Measuresoft | Link |
| Synacor Zimbra Collaboration Suite Nginx permission | 8.8 | Sep 26, 2022 | Synacor | Link |
| Contec FXA3200 Wireless LAN Manager Interface mnt_cmd.cgi permission | 8.0 | Sep 26, 2022 | Contec FXA3200 | Link |
| NuProcess Command Line Argument Java_java_lang_UNIXProcess_forkAndExec command injection | 8.4 | Sep 27, 2022 | NuProcess | Link |
| Qualcomm Snapdragon Auto ION use after free | 7.9 | Sep 27, 2022 | Qualcomm Snapdragon | Link |
| Mist Command-Line Interface permission | 7.5 | Sep 27, 2022 | Mist Command-Line | Link |
| Carlo Gavazzi UWP/CPY Car Park Server path traversal | 9.6 | Sep 28, 2022 | Carlo Gavazzi | Link |
| Carlo Gavazzi UWP/CPY Car Park Server hard-coded credentials | 9.6 | Sep 28, 2022 | Carlo Gavazzi | Link |
| Carlo Gavazzi UWP/CPY Car Park Server hard-coded credentials | 9.6 | Sep 28, 2022 | Carlo Gavazzi | Link |
| Carlo Gavazzi UWP/CPY Car Park Server API missing authentication | 9.6 | Sep 28, 2022 | Carlo Gavazzi | Link |
| Carlo Gavazzi UWP/CPY Car Park Server API Parameter os command injection | 9.6 | Sep 28, 2022 | Carlo Gavazzi | Link |
| Check Point ZoneAlarm Extreme Security Updates permission | 8.4 | Sep 28, 2022 | Check Point | Link |
| Mozilla Firefox Maintenance Service toctou | 8.4 | Sep 29, 2022 | Mozilla Firefox | Link |
| Mozilla Thunderbird Maintenance Service toctou | 8.4 | Sep 29, 2022 | Mozilla Thunderbird | Link |
| matrix-js-sdk Verification key exchange without entity authentication | 7.8 | Sep 29, 2022 | matrix-js-sdk | Link |

| Vulnerability | CVSSv3 | Release Date | Products | References |
|---|---|---|---|---|
| kromitgmbh titra improper authorization | 8.4 | Aug 1, 2022 | kromitgmbh titra | Link |
| Shescape Regular Expression escapeAll injection | 8.4 | Aug 2, 2022 | Shescape | Link |
| fs2 certificate validation | 8.0 | Aug 2, 2022 | fs2 | Link |
| CVAT server-side request forgery | 7.8 | Aug 2, 2022 | CVAT | Link |
| VMware Workspace ONE Access improper authentication | 9.4 | Aug 3, 2022 | VMware Workspace | Link |
| monorepo-build Remote Code Execution | 8.4 | Aug 3, 2022 | monorepo-build | Link |
| image-tiler Remote Code Execution | 8.4 | Aug 3, 2022 | image-tiler | Link |
| tooljet access control | 8.4 | Aug 3, 2022 | ToolJet | Link |
| gitblame gitblame.js injection | 8.2 | Aug 3, 2022 | gitblame | Link |
| heroku-env get.js injection | 8.2 | Aug 3, 2022 | heroku-env | Link |
| npos-tesseract ocr.js injection | 8.2 | Aug 3, 2022 | npos-tesseract | Link |
| NHI Card Network Packet stack-based overflow | 7.7 | Aug 3, 2022 | NHI Card Network | Link |
| OMICARD EDM hard-coded credentials | 9.6 | Aug 4, 2022 | OMICARD | Link |
| DevExpress SafeBinaryFormatter deserialization | 8.6 | Aug 4, 2022 | DevExpress | Link |
| Vinchin Backup and Recovery hard-coded credentials | 8.5 | Aug 4, 2022 | Vinchin | Link |
| Sante PACS Server sql injection | 8.4 | Aug 4, 2022 | Sante PACS | Link |
| OMICARD EDM API Function sql injection | 8.4 | Aug 4, 2022 | OMICARD EDM API | Link |
| Sante DICOM Viewer Pro J2K File Parser out-of-bounds write | 8.3 | Aug 4, 2022 | Sante DICOM | Link |
| KVM use after free | 7.8 | Aug 5, 2022 | KVM | Link |
| Samsung Baseband heap-based overflow | 7.8 | Aug 5, 2022 | Samsung | Link |
| Ethermint exposure of resource | 7.6 | Aug 5, 2022 | Ethermint | Link |
| TCL LinkHub Mesh Wi-Fi MS1G Configuration logserver GetValue buffer overflow | 9.2 | Aug 6, 2022 | TCL LinkHub | Link |
| TCL LinkHub Mesh Wi-Fi MS1G Network ucloud_del_node access control | 9.2 | Aug 6, 2022 | TCL LinkHub | Link |
| TCL LinkHub Mesh Wi-Fi MS1G Network Packet addTimeGroup stack-based overflow | 8.8 | Aug 6, 2022 | TCL LinkHub | Link |
| TCL LinkHub Mesh Wi-Fi MS1G Network confctl_set_guest_wlan denial of service | 8.8 | Aug 6, 2022 | TCL LinkHub | Link |
| Microsoft Windows SMB Remote Code Execution | 7.7 | Aug 9, 2022 | Microsoft Windows | Link |
| KUKA V-KSS Robot Configuration missing authentication | 9.6 | Aug 10, 2022 | KUKA V-KSS | Link |
| Cisco Small Business RV345 buffer overflow | 9.4 | Aug 10, 2022 | Cisco Small Business | Link |
| Siemens SCALANCE XR-500 injection | 8.4 | Aug 10, 2022 | Siemens | Link |
| Cisco Small Business RV345 buffer overflow | 8.3 | Aug 10, 2022 | Cisco Small Business | Link |
| Cisco Small Business RV345 buffer overflow | 8.3 | Aug 10, 2022 | Cisco Small Business | Link |
| ClamAV Antivirus Regex Module out-of-bounds | 8.3 | Aug 10, 2022 | ClamAV | Link |
| mc-kill-port kill Local Privilege Escalation | 7.6 | Aug 10, 2022 | mc-kill-port | Link |
| B&R Studio input validation | 8.2 | Aug 11, 2022 | B&R | Link |
| Zoom Client for Meetings URL Parser input validation | 7.8 | Aug 11, 2022 | Zoom | Link |
| loopback-connector-postgresql sql injection | 7.6 | Aug 13, 2022 | loopback-connector-postgresql | Link |
| Cockpit authentication bypass | 8.4 | Aug 15, 2022 | Cockpit | Link |
| nameless missing critical step in authentication | 8.4 | Aug 15, 2022 | nameless | Link |
| Zoom Client for Meetings signature verification | 8.6 | Aug 16, 2022 | Zoom | Link |
| oxyno-zeta react-editable-json-tree neutralization of directives | 7.7 | Aug 16, 2022 | oxyno-zeta | Link |
| Emerson ControlWave BSAP-IP Protocol integrity check | 9.6 | Aug 17, 2022 | Emerson ControlWave | Link |
| GOG Galaxy GOG.com permission | 8.8 | Aug 17, 2022 | GOG Galaxy | Link |
| Sequi PortBloque S Requests improper authorization | 8.0 | Aug 17, 2022 | Sequi PortBloque | Link |
| Sequi PortBloque S improper authentication | 7.8 | Aug 17, 2022 | Sequi PortBloque | Link |
| Device42 CMDB db_optimize os command injection | 7.6 | Aug 17, 2022 | Device42 CMDB | Link |
| Zoom Rooms for Conference Rooms signature verification | 8.4 | Aug 18, 2022 | Zoom | Link |
| Qualys Cloud Agent access control | 8.4 | Aug 18, 2022 | Qualys Cloud Agent | Link |
| Cisco Secure Web Appliance HTTP os command injection | 8.4 | Aug 19, 2022 | Cisco Secure | Link |
| Project-Nexus sql injection | 8.5 | Aug 20, 2022 | Project-Nexus | Link |
| IBM MQ XML Data xml external entity reference | 7.6 | Aug 20, 2022 | IBM MQ | Link |
| MA Lighting grandMA2 Light hard-coded credentials | 8.8 | Aug 21, 2022 | MA Lighting | Link |
| Linux Kernel eBPF out-of-bounds write | 8.6 | Aug 24, 2022 | Linux Kernel | Link |
| mySCADA myPRO command injection | 8.4 | Aug 24, 2022 | mySCADA myPRO | Link |
| Measuresoft ScadaPro Server ActiveX Control out-of-bounds write | 8.4 | Aug 24, 2022 | Measuresoft ScadaPro | Link |
| Linux Kernel NILFS File System inode.c security_inode_alloc use after free | 8.4 | Aug 24, 2022 | Linux Kernel | Link |
| Linksys MR8300 DDNS Service os command injection | 7.7 | Aug 24, 2022 | Linksys MR8300 | Link |
| Cisco NX-OS/FXOS Discovery Protocol Packet stack-based overflow | 8.6 | Aug 25, 2022 | Cisco | Link |
| Linux Kernel Pipe Buffer pipe_resize_ring locking | 8.4 | Aug 25, 2022 | Linux Kernel | Link |
| Linux Kernel LightNVM Subsystem heap-based overflow | 8.4 | Aug 25, 2022 | Linux Kernel | Link |
| RPM link following | 8.4 | Aug 26, 2022 | RPM | Link |
| Linux Kernel SUID/GUID begin_new_exec permission | 8.4 | Aug 26, 2022 | Linux Kernel | Link |
| Linux Kernel PLP Rose rose_bind use after free | 8.5 | Aug 29, 2022 | Linux Kernel | Link |
| Linux Kernel io_uring Subsystem io_uring.c io_register_personality use after free | 8.4 | Aug 29, 2022 | Linux Kernel | Link |
| Hytec Inter HWL-2511-SS Command Line Interface command injection | 8.5 | Aug 30, 2022 | Hytec | Link |
| Le-yan Personnel and Salary Management System hard-coded credentials | 8.4 | Aug 30, 2022 | Le-yan | Link |
| Patlite NH-FB Firmware unrestricted upload | 7.7 | Aug 30, 2022 | Patlite | Link |
| Dell Container Storage Modules goiscsi/gobrick os command injection | 8.8 | Aug 31, 2022 | Dell | Link |
| Dell EMC SmartFabric os command injection | 7.9 | Aug 31, 2022 | Dell | Link |
| Dell Container Storage Modules goiscsi/gobrick path traversal | 7.5 | Aug 31, 2022 | Dell | Link |

| Vulnerability | CVSSv3 | Release Date | Products | References |
|---|---|---|---|---|
| OpenSSL RSA Private Key rsaz_exp_x2.c ossl_rsaz_mod_exp_avx512_x2 memory corruption | 9.4 | July 1, 2022 | OpenSSL | Link |
| SaltStack Salt improper authorization | 8.0 | July 1, 2022 | SaltStack | Link |
| Distributed Data Systems WebHMI os command injection | 8.0 | July 2, 2022 | Distributed Data Systems | Link |
| Nokia DGX A100 BiosCfgTool memory corruption | 8.0 | July 2, 2022 | Nokia | Link |
| GitLab Project Import Privilege Escalation | 7.9 | July 2, 2022 | GitLab | Link |
| git-clone command injection | 7.6 | July 2, 2022 | git-clone | Link |
| Home Spot Cube2 DHCP Server Reply os command injection | 8.5 | July 3, 2022 | Home Spot Cube2 | Link |
| Linux Kernel User Namespace nf_tables_api.c nft_set_elem_init type confusion | 8.4 | July 5, 2022 | Linux Kernel | Link |
| IOBit Advanced System Care/Action Download Center Asc.exe permission | 8.5 | July 6, 2022 | IOBit | Link |
| MediaTek MT8797 Modem out-of-bounds write | 8.4 | July 6, 2022 | MediaTek | Link |
| IOBit Advanced System Care/Driver Booster Update Procedure data authenticity | 7.8 | July 6, 2022 | IOBit | Link |
| MediaTek MT8797 Modem 2G RR out-of-bounds write | 7.7 | July 6, 2022 | MediaTek | Link |
| CWP command injection | 7.7 | July 7, 2022 | CWP | Link |
| Dell EMC Storage Cloud Mobility Remote Code Execution | 8.9 | July 8, 2022 | Dell EMC | Link |
| atoms183 CMS product_admin.php sql injection | 8.0 | July 8, 2022 | atoms183 CMS | Link |
| HPE IceWall SSO sql injection | 7.9 | July 8, 2022 | HPE | Link |
| Dell EMC PowerProtect Cyber Recovery access control | 7.6 | July 8, 2022 | Dell EMC | Link |
| Keycloak authorization | 7.6 | July 8, 2022 | Keycloak | Link |
| Hap-WI Roxy-WI options.py subprocess_execute os command injection | 9.4 | July 9, 2022 | Hap-WI Roxy-WI | Link |
| rpc.py HTTP Header deserialization | 8.2 | July 9, 2022 | rpc.py | Link |
| Lenze cabinet c520/cabinet c550/cabinet c750 Password Verification missing critical step in authentication | 9.6 | July 11, 2022 | Lenze cabinet | Link |
| Microsoft Azure Site Recovery VMware to Azure Remote Code Execution | 8.1 | July 12, 2022 | Microsoft Azure | Link |
| Microsoft Windows Shell Privilege Escalation | 7.8 | July 12, 2022 | Microsoft Windows Shell | Link |
| Kubernetes aws-iam-authenticator access control | 7.7 | July 12, 2022 | Kubernetes | Link |
| Microsoft Azure Site Recovery VMware to Azure Privilege Escalation | 7.6 | July 12, 2022 | Microsoft Azure | Link |
| Pyramid EtherNet-IP Adapter Development Kit Packet out-of-bounds write | 9.1 | July 13, 2022 | Pyramid EtherNet-IP | Link |
| Verizon 5G Home LVSKIHP InDoorUnit crtcrpc JSON Listener crtcmode.sh enable_ssh os command injection | 8.5 | July 14, 2022 | Verizon 5G Home | Link |
| Verizon 5G Home LVSKIHP InDoorUnit crtcrpc JSON Listener crtc.lua crtcreadpartition os command injection | 8.5 | July 14, 2022 | Verizon 5G Home | Link |
| Verizon 5G Home LVSKIHP OutDoorUnit crtcrpc JSON Listener rpc.lua crtcswitchsimprofile os command injection | 8.5 | July 14, 2022 | Verizon 5G Home | Link |
| Verizon 5G Home LVSKIHP OutDoorUnit RPC Endpoint wnc_crtc_fw.sh crtc_fw_upgrade Privilege Escalation | 8.0 | July 14, 2022 | Verizon 5G Home | Link |
| Verizon 5G Home LVSKIHP InDoorUnit RPC Endpoint crtc.lua crtcfwimage unrestricted upload | 8.0 | July 14, 2022 | Verizon 5G Home | Link |
| Verizon 5G Home LVSKIHP OutDoorUnit Settings Page settings.lua os command injection | 7.7 | July 14, 2022 | Verizon 5G Home | Link |
| Hap-WI Roxy-WI options.py subprocess_execute command injection | 8.5 | July 16, 2022 | Hap-WI Roxy-WI | Link |
| Parallels Desktop HDAudio Virtual Device buffer overflow | 7.7 | July 16, 2022 | Parallels Desktop HDAudio | Link |
| Infiray IRAY-A8Z3 strcpy buffer overflow | 8.0 | July 18, 2022 | Infiray IRAY | Link |
| QVIS NVR DVR sudo Configuration access control | 7.6 | July 18, 2022 | QVIS NVR DVR | Link |
| AnyDesk symlink | 8.5 | July 19, 2022 | AnyDesk | Link |
| Feed Them Social Plugin deserialization | 8.4 | July 19, 2022 | Feed Them Social Plugin | Link |
| Parallels Desktop permission assignment | 8.3 | July 19, 2022 | Parallels Desktop | Link |
| Parallels Access uncontrolled search path | 8.3 | July 19, 2022 | Parallels Access | Link |
| Fortinet FortiClient FortiESNAC Service path traversal | 8.3 | July 19, 2022 | Fortinet | Link |
| Parallels Access Desktop Control Agent service uncontrolled search path | 8.3 | July 19, 2022 | Parallels Access Desktop | Link |
| Parallels Desktop ACPI Virtual Device out-of-bounds | 7.7 | July 19, 2022 | Parallels Desktop ACPI | Link |
| Zyxel USG ZyWALL CLI Command privileges management | 7.6 | July 19, 2022 | Zyxel | Link |
| Yokogawa Passage Drive Interprocess Communication os command injection | 8.8 | July 20, 2022 | Yokogawa | Link |
| Pega Platform JMX Interface deserialization | 8.5 | July 20, 2022 | Pega Platform | Link |
| Digiwin BPM sql injection | 8.4 | July 20, 2022 | Digiwin | Link |
| openSUSE Tumbleweed keylime symlink | 7.8 | July 20, 2022 | openSUSE | Link |
| Fortinet FortiAP-U CLI Command path traversal | 7.8 | July 20, 2022 | Fortinet | Link |
| Fortinet FortiClientWindows unnecessary privileges | 7.8 | July 20, 2022 | Fortinet | Link |
| Apple watchOS AppleAVD buffer overflow | 9.4 | July 21, 2022 | Apple | Link |
| Apple watchOS Wi-Fi memory corruption | 9.4 | July 21, 2022 | Apple | Link |
| Apple tvOS Wi-Fi Remote Code Execution | 8.4 | July 21, 2022 | Apple | Link |
| Advantech iView command injection | 9.6 | July 22, 2022 | Advantech iView | Link |
| Apple macOS Wi-Fi Remote Code Execution | 9.4 | July 22, 2022 | Apple | Link |
| Apple macOS Wi-Fi Remote Code Execution | 9.4 | July 22, 2022 | Apple | Link |
| Advantech iView sql injection | 7.6 | July 22, 2022 | Advantech iView | Link |
| Advantech iView missing authentication | 7.6 | July 22, 2022 | Advantech iView | Link |
| convert-svg-core SVG File code injection | 7.9 | July 23, 2022 | convert-svg-core | Link |
| Atos Unify OpenScape SBC/OpenScape Branch/OpenScape BCF Remote Code Execution | 8.4 | July 25, 2022 | Atos Unify OpenScape | Link |
| ffmpeg-sdk index.js injection | 8.2 | July 25, 2022 |  | Link |
| Osamaesh WP Visitor Statistics Plugin sql injection | 8.2 | July 25, 2022 | Osamaesh WP Visitor | Link |
| Pega improper authorization | 8.5 | July 26, 2022 | Pega | Link |
| hestiacp os command injection | 7.9 | July 27, 2022 | hestiacp | Link |
| Veritas NetBackup OpsCenter Java Classloader code injection | 9.8 | July 28, 2022 | Veritas | Link |
| Synology Media Server CGI buffer overflow | 9.7 | July 28, 2022 | Synology Media Server | Link |
| Veritas NetBackup access control | 9.3 | July 28, 2022 | Veritas | Link |
| Veritas NetBackup access control | 9.2 | July 28, 2022 | Veritas | Link |
| Veritas NetBackup OpsCenter VxSS Subsystem hard-coded credentials | 8.8 | July 28, 2022 | Veritas | Link |
| Veritas NetBackup OpsCenter Remote Code Execution | 8.7 | July 28, 2022 | Veritas | Link |
| Veritas NetBackup OpsCenter Local Privilege Escalation | 8.5 | July 28, 2022 | Veritas | Link |
| Veritas NetBackup OpsCenter User Account access control | 8.1 | July 28, 2022 | Veritas | Link |
| Veritas NetBackup access control | 7.9 | July 28, 2022 | Veritas | Link |
| AVEVA Platform Common Services uncontrolled search path | 7.9 | July 28, 2022 | AVEVA Platform | Link |
| Veritas NetBackup access control | 7.8 | July 28, 2022 | Veritas | Link |
| Veritas NetBackup Privilege Escalation | 7.7 | July 28, 2022 | Veritas | Link |
| PHP libmagic finfo_buffer free of memory not on the heap | 7.7 | July 28, 2022 | PHP | Link |
| SonicWall Analytics On-Prem sql injection | 9.4 | July 29, 2022 | SonicWall | Link |
| IBM PowerVM VIOS Remote Code Execution | 9.3 | July 29, 2022 | IBM PowerVM | Link |
| Ovarro TBox TG2 Configuration code injection | 8.6 | July 29, 2022 | Ovarro TBox | Link |
| Ovarro TBox TG2 Configuration File permission assignment | 8.6 | July 29, 2022 | Ovarro TBox | Link |
| Inavitas Solar Log sql injection | 8.3 | July 29, 2022 | Inavitas Solar | Link |
| HPE iLO 5 Remote Code Execution | 8.4 | July 31, 2022 | HPE iLO 5 | Link |
Vulnerability CVSSv3 Release Date Products References
Sofia-SIP SDP Message Parser heap-based overflow June 1, 2022 (8.0) Sofia-SIP Link
ramank775 Chat Server Access Token Validator this.authProvider.verifyAccessKey improper authentication June 1, 2022 (8.0) Ramank775 Link
Schneider Electric Wiser Smart missing encryption June 3, 2022 (7.7) Schneider Electric Link
eG Agent permission June 3, 2022 (7.6) eG Agent Link
Atlassian Confluence Server/Data Center OGNL injection June 4, 2022 (9.4) Atlassian Confluence Server Link
Dominion Democracy Suite Voting System ImageCast X certificate validation June 5, 2022 (8.1) Dominion Democracy Suite Voting System Link
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Update buffer overflow June 6, 2022 (9.7) HID Mercury Link
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Hostname protection mechanism June 6, 2022 (9.5) HID Mercury Link
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Route edit_route.cgi os command injection June 6, 2022 (8.6) HID Mercury Link
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Firmware Binary direct request June 6, 2022 (8.5) HID Mercury Link
HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 path traversal June 6, 2022 (8.0) HID Mercury Link
3CX Phone System PhoneSystem Terminal improper authentication June 7, 2022 (8.8) 3CX Phone System Link
emicklei go-restful authorization June 8, 2022 (8.1) Emicklei Link
ToaruOS Kernel access control June 8, 2022 (7.7) ToaruOS Link
ITarian SAAS/On-Premise procedures security check for standard June 9, 2022 (9.1) ITarian Link
Linux Kernel File System Notification copy_event_to_user use after free June 9, 2022 (8.4) Linux Kernel File System Link
PJSIP STUN buffer overflow June 9, 2022 (8.4) PJSIP Link
ITarian Endpoint Manage Communication Client OpenSSL Configuration openssl.conf permission June 9, 2022 (8.1) ITarian Link
Firejail User Namespace join.c access control June 9, 2022 (7.9) Firejail Link
gogs os command injection June 10, 2022 (8.5) gogs Link
gogs path traversal June 10, 2022 (8.5) gogs Link
jgraph drawio code injection June 10, 2022 (8.3) jgraph Link
ToolJet Remote Code Execution June 10, 2022 (7.6) ToolJet Link
RealVNC VNC Server Installer Repair access control June 11, 2022 (8.4) RealVNC Link
Dell SupportAssist Client Consumer uncontrolled search path June 11, 2022 (8.3) Dell Sport Asssist Link
Linux Kernel Floating Point Register ptrace-fpu.c ptrace_get_fpr buffer overflow June 11, 2022 (7.6) Linux Kernel Link
Festo Controller CECC-X-M1 POST Request os command injection June 13, 2022 (9.6) Festo Controller Link
NAVER Cloud Explorer privileges management June 13, 2022 (8.8) NAVER Cloud Link
Microsoft Windows Network File System Remote Code Execution June 14, 2022 (8.9) Microsoft Windows Link
Microsoft Windows LDAP Remote Code Execution June 14, 2022 (8.1) Microsoft Windows Link
Microsoft SharePoint Server Privilege Escalation June 14, 2022 (8.1) Microsoft Sharepoint Server Link
Microsoft SharePoint Server Privilege Escalation June 14, 2022 (8.1) Microsoft Sharepoint Server Link
Microsoft Windows LDAP Remote Code Execution June 14, 2022 (8.1) Microsoft Windows LDAP Link
Microsoft Windows Kerberos AppContainer Privilege Escalation June 14, 2022 (8.0) Microsoft Windows Kerberos Link
Microsoft Windows Kerberos Privilege Escalation June 14, 2022 (7.7) Microsoft Windows Kerberos Link
Microsoft System Center Operations Manager Privilege Escalation June 14, 2022 (7.6) Microsoft System Center Operations Manager Link
Splunk Enterprise Forwarder Bundle access control June 15, 2022 (8.3) Splunk Link
PHP Parametrized Query uninitialized pointer June 16, 2022 (7.7) PHP Link
Anker Eufy Homebase mips_collector use after free June 17, 2022 (8.0) Anker Eufy Hombase Link
Parse Server Apple Game Center Auth Adapter improper authentication June 17, 2022 (7.8) Apple Game Center Link
polonel trudesk API incorrect privileged apis June 20, 2022 (8.5) Polonel Trudesk Link
polonel trudesk unrestricted upload June 20, 2022 (8.3) Polonel Trudesk Link
McAfee Consumer Product Removal Tool Configuration File permission June 20, 2022 (8.2) McAfee Link
McAfee Consumer Product Removal Tool uncontrolled search path June 20, 2022 (8.2) McAfee Link
Phoenix Contact Product data authenticity June 21, 2022 (9.6) Phoenix Link
Comodo Antivirus Quarantine access control June 22, 2022 (8.8) Comodo Antivirus Link
Red Hat Enterprise Linux Kernel hard-coded key June 22, 2022 (8.4) RedHat Enterprise Linux Link
Tenable Nessus PowerShell cmdlet Check access control June 22, 2022 (8.4) Tenable Nessus Link
SiHAS SGW-300/ACM-300/GCM-300 Firmware improper authentication June 23, 2022 (9.2) SiHAS SGW-300/ACM-300/GCM-300 Firmware Link
Pure Storage Purity FA/Purity FB Management Interface hard-coded credentials June 23, 2022 (8.4) Pure Storage Link
Pure Storage Purity FA/Purity FB Restricted Shell access control June 23, 2022 (7.6) Pure Storage Link
CODESYS Products Request unexpected sign extension June 24, 2022 (9.8) CODESYS Products Link
CODESYS PLCWinNT and Runtime Toolkit 32 Password Protection insecure default initialization of resource June 24, 2022 (9.6) CODESYS PLCWinNT Link
CODESYS Products Request heap-based overflow June 24, 2022 (8.8) CODESYS Products Link
CODESYS Products Local File out-of-range pointer offset June 24, 2022 (8.8) CODESYS Products Link
MELAG FTP Server unnecessary privileges June 24, 2022 (8.1) Melag FTP Link
Illumina Local Run Manager unrestricted upload June 25, 2022 (9.7) Illumina Link
Secheron SEPCOS behavioral workflow June 25, 2022 (9.4) Secheron SEPCOS Link
EagleGet Downloader luminati_net_updater_win_eagleget_com Privilege Escalation June 25, 2022 (8.8) EagleGet Link
Illumina Local Run Manager path traversal June 25, 2022 (8.5) Illumina Link
Secheron SEPCOS FTP Server access control June 25, 2022 (8.4) Secheron SEPCOS Link
Illumina Local Run Manager improper authorization June 25, 2022 (8.0) Illumina Link
ionicabizau parse-url server-side request forgery June 27, 2022 (8.2) ionicabizau Link
Douzone NeoRS ActiveX Module origin validation June 28, 2022 (8.1) Douzone NeoRS Link
LDAP Account Manager injection June 28, 2022 (7.6) LDAP Link
Clever underscore.deep deepFromFlat prototype pollution June 28, 2022 (7.6) Clever DeepFromFlat Link
Vulnerability CVSSv3 Release Date Products References
Bender CC612 SSH hard-coded password (CVE-2021-34601) Apr 28, 2022 (9.8) Bender CC612 Link
Bender CC612/CC613/ICC15xx/ICC16xx ifplugd unnecessary privileges (CVE-2021-34591) Apr 28, 2022 (7.6) Bender CC612/CC613/ICC15xx/ICC16xx Link
cifs-utils mount.cifs stack-based overflow (CVE-2022-27239) Apr 28, 2022 (7.5) cifs-utils Link
Bender CC612/CC613/ICC15xx/ICC16xx Web Interface os command injection (CVE-2021-34602) Apr 28, 2022 (8.6) Bender CC612/CC613/ICC15xx/ICC16xx Link
FreeRDP NTLM Authentication improper authentication (CVE-2022-24882) Apr 26, 2022 (9.3) FreeRDP up to 2.6.x Link
Solana rBPF sdiv Instruction calculation (CVE-2022-23066) May 9, 2022 (9.3) SOLANA RBPF Link
Tecson Tankspion Endpoint improper authentication (CVE-2019-12254) May 7, 2022 (8.4) TECSON TANKSPION ENDPOINT Link
Splunk Enterprise Search Parameter injection (CVE-2022-26889) May 7, 2022 (7.9) Splunk Enterprise Link
QNAP QVR command injection (CVE-2022-27588) May 6, 2022 (9.6) QNAP QVR PRIOR 5.1.6 Link
ecdsautils CLI Command ecdsa_verify_list_legacy signature verification (CVE-2022-24884) May 6, 2022 (8.5) ECDSAUTILS Link
Flux/kustomize-controller kustomization.yaml path traversal (CVE-2022-24887) May 6, 2022 (7.9) FLUX/KUSTOMIZE-CONTROLLER Link
python-libnmap Remote Code Execution (CVE-2022-30284) May 5, 2022 (8.5) Python Link
clinical-genomics scout server-side request forgery (CVE-2022-1592) May 5, 2022 (8.2) CLINICAL-GENOMICS SCOUT Link
YetiForce CRM unrestricted upload (CVE-2022-1411) May 5, 2022 (7.5) YETIFORCE CRM Link
TIBCO Managed File Transfer Command Center DOM XML Parser/SAX XML Parser xml external entity reference (CVE-2022-22774) May 10, 2022 (7.9) TIBCO Link
D-Link DIR-882 Blink command injection (CVE-2022-28901) May 10, 2022 (8.0) D-Link Link
D-Link DIR-882 SubnetMask command injection (CVE-2022-28896) May 10, 2022 (8.0) D-Link Link
D-Link DIR-882 IPAddress command injection (CVE-2022-28895) May 10, 2022 (7.7) D-Link Link
alextselegidis easyappointments API privileges management (CVE-2022-1397) May 10, 2022 (8.6) alextselegidis Link
InHand InRouter302 Console Factory stack-based overflow (CVE-2022-26002) May 12, 2022 (8.1) InHand Link
InHand InRouter302 httpd libnvram.so nvram_import input validation (CVE-2022-26782) May 12, 2022 (9.3) InHand Link
InHand InRouter302 Network Request infactory_net os command injection (CVE-2022-26518) May 12, 2022 (9.3) InHand Link
InHand InRouter302 Console infactory_port os command injection (CVE-2022-26420) May 12, 2022 (9.3) InHand Link
InHand InRouter302 Console infactory_wlan os command injection (CVE-2022-26075) May 12, 2022 (9.3) InHand Link
Weintek cMT code injection (CVE-2021-27446) May 17, 2022 (9.7) Weintek Link
Trend Micro Password Manager link following (CVE-2022-30523) May 17, 2022 (8.8) Trend Micro Link
Weintek cMT access control (CVE-2021-27444) May 17, 2022 (8.4) Weintek Link
Linux Kernel sched Privilege Escalation (CVE-2022-29581) May 17, 2022 (8.1) Linux kernel Link
Linux Kernel io_uring integer overflow (CVE-2022-1116) May 17, 2022 (8.1) Linux kernel Link
Fidelis Network and Deception Web Interface os command injection (CVE-) May 18, 2022 (8.6) Fidelis Link
Fidelis Network and Deception CLI cert_utils os command injection May 18, 2022 (8.6) Fidelis Link
Fidelis Network and Deception CLI remote_text_file os command injection May 18, 2022 (8.6) Fidelis Link
Fidelis Network and Deception Web Interface os command injection May 18, 2022 (8.6) Fidelis Link
NVIDIA GPU Display Driver Kernel Mode Layer out-of-bounds read May 18, 2022 (8.1) NVIDIA Link
FlyteConsole Web User Interface server-side request forgery May 18, 2022 (8.0) FlyteConsole Link
Lenovo System Interface Foundation IMController toctou May 20, 2022 (7.5) Lenovo Link
Lenovo System Interface Foundation IMController toctou May 20, 2022 (7.5) Lenovo Link
Snow License Manager unquoted search path May 20, 2022 (7.5) Snow Link
Mitsubishi Electric Factory Automation Engineering permission May 20, 2022 (7.7) Mitsubishi Electric Link
VMware Workspace ONE Access access control May 21, 2022 (8.4) VMware Workspace Link
VMware Workspace ONE Access improper authentication May 21, 2022 (9.4) VMware Workspace Link
Nokogiri XML Parser/HTML4 SAX Parser #to_s memory corruption May 21, 2022 (7.6) Nokogiri Link
Rundeck hard-coded key May 21, 2022 (8.0) Rundeck Link
Argo CD improper authentication May 21, 2022 (8.5) Argo CD Link
Cilium default permission May 21, 2022 (8.6) Cilium Link
SOOTEWAY Wi-Fi Range Extender Telnet Service hard-coded credentials May 21, 2022 (9.8) SOOTEWAY Wifi Link
publify access control May 22, 2022 (7.9) Publify Link
publify unrestricted upload May 24, 2022 (7.5) Publify Link
Zyxel USG/ZyWALL packet-trace argument injection May 24, 2022 (7.8) Zyxel Link
Cognex In-Sight OPC Server deserialization May 24, 2022 (8.4) Cognex Link
Annke N48PBB stack-based overflow May 24, 2022 (9.4) Annke Link
Microsoft Azure RTOS USBX ux_device_class_dfu_control_request buffer overflow May 25, 2022 (9.6) Microsoft Azure Link
Open Automation OAS SecureTransferFiles missing authentication May 26, 2022 (8.2) Open Automation Link
Open Automation OAS REST API missing authentication May 26, 2022 (8.1) Open Automation Link
Archer Platform SSO ADFS access control May 27, 2022 (9.5) Archer Platform Link
protobufjs code injection May 28, 2022 (7.6) Protobufjs Link
Vulnerability Exploitation Status CVSSv3 Release Date Products References
Zero-Day Remote Code Execution Vulnerability in Palo Alto Firewalls Utilising the GlobalProtect VPN Component
CVE-2021-3064
Unknown 9.8 Nov 10, 2021 Palo Alto Firewall Operating System PAN-OS 8.1 prior to 8.1.17 Link
Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability discovered by MSTIC
CVE-2021-42321
Exploited in the Tianfu Cup 8.8 Nov 9, 2021 Microsoft Exchange Server Link
Microsoft Excel Security Feature Bypass Vulnerability discovered by MSTIC
CVE-2021-42292
In-the-wild 7.8 Nov 9, 2021 Microsoft Office Link
Critical Citrix Unauthenticated Denial of Service (DDoS) Bug Shutting Down Network, Cloud App Access
CVE-2021-22955
Ongoing exploitation N/A Nov 9, 2021 Citrix ADC | Citrix Gateway Link
Critical Remote Code Execution (RCE) in the Transparent Inter Process Communication (TIPC) Module of the Linux Kernel
CVE-2021-43267
Unknown 9.8 Nov 2, 2021 Linux Kernel Versions between 5.10 and 5.15 Link
Google Android Zero-Day Use-After-Free (UAF) Bug Leading to a Local Escalation of Privilege in the Kernel
CVE-2021-1048
In-the-wild 7.8 Nov 1, 2021 Android Kernel Link
‘Trojan Source’ Bugs of Unicode Bidirectional Algorithm (BiDi)
CVE-2021-42574 | CVE-2021-42694
POC Exploit Code Available 9.8 Nov 1, 2021 Unicode Bidirectional Algorithm (BiDi) through Version 14.0 Link
Vulnerability Exploitation Status CVSSv3 Release Date Products References
Cisco SD-WAN High-Severity Privilege Escalation Vulnerability Leading to Arbitrary Code Execution in the IOS XE Operating System
CVE-2021-1529
Unknown 7.8 Oct 20, 2021 Cisco IOS XE Software | Cisco IOS XE SD-WAN Software Link
RCE Vulnerability in The Trial Version of WinRAR
CVE-2021-35052
Unknown N/A Oct 20, 2021 WinRAR Version 5.70 Link
Google Chrome Critical Heap-Buffer-Overflow and Use-After-Free (UAF) Vulnerabilities
CVE-2021-37981 | CVE-2021-37984 | CVE-2021-37982 | CVE-2021-37983 | CVE-2021-37985
Unknown N/A Oct 19, 2021 Google Chrome Link
Microsoft Exchange Server Remote Code (RCE) Vulnerability found by NSA
CVE-2021-26427
Unknown 9.0 Oct 12, 2021 Microsoft Exchange Server Link
Windows Win32k Elevation of Privilege Zero-Day Vulnerability Used By MysterySnail RAT
CVE-2021-40449
In-the-wild 7.8 Oct 12, 2021 All Supported Versions of Windows Link
RCE Vulnerabilities on Microsoft SharePoint and Windows DNS Servers
CVE-2021-40487 | CVE-2021-40469
Unknown 8.1 Oct 12, 2021 Microsoft SharePoint Versions | Windows DNS Server Versions Link Link
Apple iOS Remote Code Execution (RCE) Zero-Day Bug
CVE-2021-30883
In-the-wild N/A Oct 11, 2021 iOS 15.0.2 and iPadOS 15.0.2 Link
Path Traversal Zero Day and File Disclosure Vulnerability in Apache HTTP Server
CVE-2021-41773 | CVE-2021-42013
In-the-wild 7.5 Oct 4, 2021 Apache HTTP Server 2.4.49 Link
Vulnerability Exploitation Status CVSSv3 Release Date Products References
Second Pair of Google Chrome Use-after-free Zero Day Bugs in September CVE-2021-37975 | CVE-2021-37976 In-the-wild N/A Sep 30, 2021 Google Chrome Link
Unpatched Stored XSS Zero-Day Vulnerability in Apple AirTag N/A Unknown N/A Sep 29, 2021 Apple AirTag Link
Cisco Unauthenticated Remote-code-execution (RCE) and Denial-of-service (DoS) Vulnerability CVE-2021-34770 Unknown 10 Sep 22, 2021 Cisco Catalyst 9000 Family of Wireless Controllers Link
Critical Software-buffer-overflow and Authentication-bypass Bugs in Cisco CVE-2021-34727 | CVE-2021-1619 Unknown 9.8 Sep 22, 2021 Cisco SD-WAN Software | Cisco IOS XE Software Link Link
VMware Ransomware-Friendly Arbitrary File Upload Bug in vCenter Server CVE-2021-22005 POC exploit code available 9.8 Sep 21, 2021 VMware vCenter Server Link
Zero-day Security Vulnerability in Apple’s macOS Finder System No CVE assigned Unknown N/A Sep 21, 2021 macOS Big Sur and Prior Link
Netgear SOHO Security Bug allowing RCE via A Man-in-the-middle (MiTM) Attack CVE-2021-40847 POC exploit code available 8.1 Sep 20, 2021 Netgear Small Office/Home Office (SOHO) Routers Link
Adobe Arbitrary Code Execution Vulnerability Affecting Its Core Products CVE-2021-39863 Unknown 8.8 Sep 14, 2021 Adobe Reader DC | Adobe Acrobat Reader DC Link
OMIGOD Microsoft Zero-day RCE Vulnerability in the Azure Cloud Platform CVE-2021-38647 POC exploit code available 9.8 Sep 14, 2021 Microsoft Azure Cloud Link
ForcedEntry Apple Zero-day Bugs Exploited by NSO Group CVE-2021-30858 | CVE-2021-30860 Zero-click exploit available 8.8 Sep 13, 2021 iPhone | iPad | Mac | Apple Watch Link
Google Chrome Use-After-Free (UAF) Zero-Day Bugs CVE-2021-30632 | CVE-2021-30633 In-the-wild N/A Sep 13, 2021 Google Chrome Link
Zero-Day RCE Vulnerability in Microsoft MSHTML CVE-2021-40444 Ongoing exploitation 8.8 Sep 7, 2021 Microsoft Windows Link
An Authentication Bypass Bug in the ManageEngine ADSelfService Plus Platform CVE-2021-40539 Ongoing exploitation N/A Sep 7, 2021 Zoho ManageEngine ADSelfService Plus Link
Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability CVE-2021-34746 POC exploit code available 9.8 Sep 1, 2021 Cisco Enterprise NFVIS Link
Vulnerability Exploitation Status CVSSv3 Release Date Products References
Critical Microsoft Azure Cosmos DB Bug
No CVE assigned
Unknown N/A Aug 26, 2021 Microsoft Azure Cosmos DB | Jupyter Notebook Link
Critical Vulnerability in the Atlassian Confluence Server Platform
CVE-2021-26084
Ongoing exploitation 9.8 Aug 25, 2021 Atlassian Confluence Server and Data Center Link
Sudo Bug Privilege Escalation Vulnerability for HPE Aruba
CVE-2021-3156
POC exploit code available 7.8 Aug 25, 2021 HPE Aruba AirWave Management Platform Link
Parallels Desktop Privilege Escalation Bug
CVE-2021-34864
Unknown 8.8 Aug 25, 2021 Parallels Desktop Link
A Consensus Vulnerability in Go-Ethereum (Geth) EVM Causing a Node to Reject the Canonical Chain
CVE-2021-39137
In-the-wild 7.5 Aug 24, 2021 All Geth Versions Supporting the London Hard Fork Link
OpenSSL Bug in the Implementation of the SM2 Decryption Code Leading to a Buffer Overflow when Calling the API Function to Decrypt SM2 Encrypted Data
CVE-2021-3711
Unknown 9.8 Aug 24, 2021 OpenSSL versions 1.1.1k and earlier 1.1.1x Link
ThroughTek Critical Bug Allowing Remote Compromise, Control of Millions of IoT devices
CVE-2021-28372
Unknown 8.3 Aug 17, 2021 ThroughTek’s Kalay Platform 2.0 Link
Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-36958
Unknown 7.8 Aug 11, 2021 Windows Server Link
Realtek Jungle SDK Buffer Overflow Arbitrary Code Execution (ACE) Vulnerability
CVE-2021-35395
Ongoing exploitation 9.8 Aug 11, 2021 Realtek SDK | Realtek “Jungle” SDK | Realtek “Luna” SDK Link
Pulse Connect Secure Vulnerability Allowing an Authenticated Administrator to Perform a File Write via a Maliciously Crafted Archive Uploaded in the Administrator Web Interface
CVE-2021-22937
Unknown 9.1 Aug 5, 2021 Pulse Connect Secure before 9.1R12 Link
Vulnerability Exploitation Status CVSSv3 Release Date Products References
Apple Zero-Day Local Privilege Escalation Vulnerability in the IOMobileFrameBuffer
CVE-2021-30807
In-the-wild 7.8 Jul 26, 2021 iOS 14.7.1 | iPadOS 14.7.1 | macOS Big Sur 11.5.1 | watchOS 7.6.1 Link Link Link
Jira Remote Code Execution (RCE) Missing Authentication Bug in Atlassian
CVE-2020-36239
Unknown 9.8 Jul 21, 2021 Jira Data Center | Jira Service Management Data Center Link
Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-34481
Unknown 8.8 Jul 15, 2021 Windows Server Link
Type Confusion Bug in V8 in Google Chrome
CVE-2021-30563
In-the-wild 8.8 Jul 15, 2021 Google Chrome prior to 91.0.4472.164 Link
Remote Code Execution (RCE) Vulnerability in the SolarWinds Serv-U Product
CVE-2021-35211
Zero-Day Exploit 10.0 Jul 13, 2021 SolarWinds Serv-U Managed File Transfer | Serv-U Secure FTP for Windows before 15.2.3 HF2 Link
Microsoft Exchange Information Disclosure Vulnerability
CVE-2021-33766
Unknown 7.5 Jul 13, 2021 Microsoft Exchange Server Link
Linux Kernel Netfilter Heap Out-Of-Bounds Write Denial-of-Service (DoS) Bug
CVE-2021-22555
POC Exploit Code Available 8.3 Jul 7, 2021 Linux since v2.6.19-rc1 Link
Microsoft Exchange Server Remote Code Execution ProxyShell Vulnerability
CVE-2021-34473
Unknown 9.1 Jul 2, 2021 Microsoft Exchange Server Link
Windows Print Spooler Remote Code Execution PrintNightmare Vulnerability Leading to System Privileges and Running Commands on PCs
CVE-2021-34527
POC Exploit Code Available 8.8 Jul 1, 2021 Windows Server Link
Vulnerability Exploitation Status CVSSv3 Release Date Products References
ForgeRock AM Pre-Auth Remote Code Execution (RCE) Vulnerability via the Java Deserialization in the Jato Framework
CVE-2021-35464
POC Exploit Code Available 9.8 Jun 29, 2021 ForgeRock AM server before 7.0 Link
NVIDIA Trusty Driver Buffer Overflow Vulnerability
CVE-2021-34372
Unknown 8.2 Jun 22, 2021 NVIDIA Jetson Link
Google Chrome Use After Free Bug in BFCache
CVE-2021-30544
Unknown 9.8 Jun 9, 2021 Google Chrome prior to 91.0.4472.101 Link
Windows NTFS Elevation of Privilege Vulnerability
CVE-2021-31956
In-the-wild 7.8 Jun 8, 2021 Windows Server Link
Windows MSHTML Platform Remote Code Execution (RCE) Vulnerability
CVE-2021-33742
In-the-wild 8.8 Jun 8, 2021 Windows Server Link
Local Privilege Escalation vulnerability in Intel Virtualization Technology for Directed I/O (VT-d)
CVE-2021-24489
Unknown 8.8 Jun 8, 2021 Intel Core Processors | Intel Pentium Processors | Intel Celeron Processors | Intel Atom Processors Link
Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2021-33739
In-the-wild 8.4 Jun 8, 2021 Windows 10 Link
Windows NTLM Elevation of Privilege Vulnerability
CVE-2021-31958
Unknown 8.8 Jun 8, 2021 Windows Server Link
Android System Out of Bounds Read and Write due to a Use After Free Elevation-of-Privilege (EoP) Bug
CVE-2021-0516
Unknown 9.8 Jun 2, 2021 AOSP versions 8.1, 9, 10, 11 Link
Windows Print Spooler Remote Code Execution (RCE) Vulnerability
CVE-2021-1675
Unknown 8.8 Jun 1, 2021 Windows Server Link
Vulnerability Exploitation Status CVSSv3 Release Date Products References
Apache Dubbo Pre-Auth Remote Code Execution (RCE) Bug via Java Deserialization in the Generic filter
CVE-2021-30179
POC Exploit Code Available 9.8 May 31, 2021 Dubbo all 2.5.x, 2.6.x and 2.7.x versions Link
Privilege Escalation Vulnerability in Dell DBUtil Driver
CVE-2021-21551
In-the-wild 7.8 May 31, 2021 DBUtil: 2.3 Link
VMware vCenter Server Remote Code Execution and Authentication Vulnerabilities in vSphere Client (HTML5)
CVE-2021-21985 | CVE-2021-21986
POC Exploit Code Available 9.8 May 26, 2021 VMware vCenter Server | VMware Cloud Foundation Link
Apple Multiple Memory Corruption Vulnerability
CVE-2021-30734
POC Exploit Code Available 8.8 May 24, 2021 iOS 14.6 | iPadOS 14.6 | macOS Big Sur 11.5.1 | Safari 14.1.1 Link Link Link
Pulse Connect Secure Buffer Overflow Arbitrary Code Execution (ACE) Bug in Windows File Resource Profiles in 9.X
CVE-2021-22908
Unknown 8.8 May 24, 2021 Pulse Connect Secure versions 9.0Rx and 9.1Rx Link
McAfee Arbitrary Process Execution Privilege Escalation Bugs
CVE-2021-23873 | CVE-2021-23874 | CVE-2021-23875 | CVE-2021-23876
POC Exploit Code Available 7.8 May 24, 2021 McAfee Total Protection Prior to 16.0.30 Link
Microsoft Critical Hyper-V Remote Code Execution Vulnerability
CVE-2021-28476
Unknown 9.9 May 11, 2021 Windows Server Link
Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2021-31166
Unknown 9.8 May 11, 2021 Windows 10 Link
Adobe Critical Use After Free Arbitrary code execution Vulnerabilities
CVE-2021-28562 | CVE-2021-28550 | CVE-2021-28553
In-the-wild 8.8 May 11, 2021 Acrobat Reader DC Link
Privilege Escalation Vulnerability in Linux kernel
CVE-2021-3490
POC Exploit Code Available 7.8 May 10, 2021 Linux kernel Operating System Link
Critical Authentication Bypass Vulnerability on Python
CVE-2021-29921
Unknown 9.8 May 6, 2021 Python 3.10 | Python 3.9 | Python 3.8 Link
Vulnerability Exploitation Status CVSSv3 Release Date Products References
Buffalo Path Traversal Vulnerability in the Web Interfaces Leading to Bypass Authentication
CVE-2021-20090
In-the-wild 9.8 Apr 29, 2021 Buffalo WSR-2533DHPL2 firmware version <= 1.02 | WSR-2533DHP3 firmware version <= 1.24 Link
Unauthenticated Arbitrary Remote Code Execution Use After Free Bug via License Services in Pulse Connect Secure
CVE-2021-22893 | CVE-2021-22894 | CVE-2021-22899 | CVE-2021-22900
In-the-wild 10.0 Apr 23, 2021 Pulse Connect Secure before 9.1R11.4 Link
Google Out of Bounds Memory Access Vulnerability Allowing a Remote Attacker to Exploit Heap Corruption via a Crafted HTML Page
CVE-2021-22893 | CVE-2021-22894 | CVE-2021-22899 | CVE-2021-22900
Unknown 8.8 Apr 22, 2021 V8 in Google Chrome prior to 90.0.4430.85 Link
Critical Unauthenticated Remote Code Execution (RCE) Bug in Apache Tapestry Bypass of the Fix for CVE-2019-0195
CVE-2021-27850
POC Exploit Code Available 9.8 Apr 15, 2021 Apache Tapestry versions 5.4.5, 5.5.0, 5.6.2 and 5.7.0 Link
Denial of Service (DoS) Arbitrary Code Execution (ACE) Bugs in Ubuntu Linux Kernels
CVE-2021-3492 | CVE-2021-3493
Unknown 7.8 Apr 15, 2021 Linux Link
Multiple Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28480 | CVE-2021-28481 | CVE-2021-28482 | CVE-2021-28483
POC Exploit Code Available 9.8 Apr 13, 2021 Microsoft Exchange Server Link
Windows Zero-Day Win32k Elevation of Privilege Vulnerability in Desktop Window Manager
CVE-2021-28310
In-the-wild 7.8 Apr 13, 2021 Windows 10 Link
Windows Installer Elevation of Privilege Vulnerability
CVE-2021-26415
POC Exploit Code Available 7.8 Apr 13, 2021 Windows Server Link
Arbitrary File Write Vulnerability in vRealize Operations Manager API
CVE-2021-21975
POC Exploit Code Available 7.5 Apr 13, 2021 VMware vRealize Operations Link
WhatsApp Cache Configuration Vulnerability
CVE-2021-24027
POC Exploit Code Available 7.5 Apr 6, 2021 WhatsApp for Android v2.21.4.18 | WhatsApp Business for Android v2.21.4.18 Link
Vulnerability Exploitation Status CVSSv3 Release Date Products References
Remote Code Execution Vulnerability in Apache OFBiz via Java Deserialization
CVE-2021-26295
POC Exploit Code Available 9.8 Mar 22, 2021 Apache OFBiz Link
Google Chrome Use After Free and Heap Buffer Overflow Bugs in WebRTC and in Blink
CVE-2021-21191 | CVE-2021-21192 | CVE-2021-21193
In-the-wild 8.8 Mar 12, 2021 Google Chrome prior to 89.0.4389.90 Link
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2021-26868
Unknown 7.8 Mar 9, 2021 Windows 10 Link
Internet Explorer Memory Corruption Vulnerability
CVE-2021-26411
In-the-wild 8.8 Mar 9, 2021 Internet Explorer | Microsoft Edge Link
Microsoft ProxyLogon Exchange Server Remote Code Execution Vulnerabilities
CVE-2021-26855 | CVE-2021-26857 | CVE-2021-26858 | CVE-2021-27065
In-the-wild 9.8 Mar 2, 2021 Microsoft Exchange Server Link Link Link Link
VMware Remote Code Execution (RCE) Vulnerability Leading to Arbitrary File Upload in Logupload Web Application
CVE-2021-22987
Unknown 9.9 Mar 2, 2021 BIG-IP Link
BIG-IP Appliance Mode TMUI Authenticated Remote Command Execution Bug
CVE-2021-22987
Unknown 9.9 Mar 2, 2021 BIG-IP Link
Vulnerability Exploitation Status CVSSv3 Release Date Products References
Windows TCP/IP Denial of Service (DoS) Vulnerability
CVE-2021-24086
POC Exploit Code Available 7.5 Feb 29, 2021 Windows 10 Link
Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability
CVE-2021-1361
Unknown 9.1 Feb 24, 2021 Cisco NX-OS Software 9.3(5) and 9.3(6) Link
Accellion Zero-Day SQL Injection, Server-Side Request Forgery and OS Command Execution Vulnerabilities
CVE-2021-21972 | CVE-2021-21973 | CVE-2021-21974
POC Exploit Code Available 9.8 Feb 23, 2021 VMware ESXi | VMware vCenter Server | VMware Cloud Foundation Link
Accellion Zero-Day SQL Injection, Server-Side Request Forgery and OS Command Execution Vulnerabilities
CVE-2021-27101 | CVE-2021-27102 | CVE-2021-27103 | CVE-2021-27104
Unknown 9.8 Feb 16, 2021 Accellion FTA 9_12_370 and earlier Link
Adobe Heap-Based Buffer Overflow Arbitrary Code Execution (ACE) Vulnerability
CVE-2021-21017
In-the-wild 8.8 Feb 11, 2021 Acrobat Reader DC Link
VMware Post-Authentication OS Command Injection Remote Code execution (RCE) Bug
CVE-2021-21976
Unknown 7.2 Feb 11, 2021 vSphere Replication Link
Windows TCP/IP Remote Code Execution Vulnerability
CVE-2021-24074 | CVE-2021-24094
POC Exploit Code Available 9.8 Feb 9, 2021 Windows 10 Link Link
Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-1732
In-the-wild 7.8 Feb 9, 2021 Windows 10 Link
Google Chrome Heap Buffer Overflow Remote Code execution (RCE) Vulnerability
CVE-2021-21148
In-the-wild 8.8 Feb 9, 2021 Google Chrome prior to 88.0.4324.150 Link
Remote Code Execution (RCE) Bug in SAP Commerce
CVE-2021-21477
Unknown 9.9 Feb 9, 2021 SAP Commerce Cloud 1808, 1811, 1905, 2005, 2011 Link
Vulnerability Exploitation Status CVSSv3 Release Date Products References
Sudo Off-by-One Heap-Based Buffer Overflow Privilege Escalation Bug
CVE-2021-3156
In-the-wild 7.8 Jan 29, 2021 Sudo before 1.9.5p2 Link
Apache Druid Arbitrary User-Provided JavaScript Code Execution Bug
CVE-2021-25646
POC Exploit Code Available 8.8 Jan 29, 2021 Apache Druid Link
Oracle Fusion Middleware Easily Exploitable Bug Allowing Network Access via HTTP to Compromise Oracle WebLogic Server
CVE-2021-2109
POC Exploit Code Available 7.2 Jan 20, 2021 Oracle WebLogic Server Link
Python 3 Heap Buffer Overflow Remote Code execution (RCE) Bug
CVE-2021-3177
Unknown 8.8 Jan 19, 2021 Python 3.10, 3.9, 3.8, 3.7, 3.6 Link
Cisco Connected Mobile Experiences (CMX) Privilege Escalation Vulnerability
CVE-2021-1144
Unknown 8.8 Jan 13, 2021 Cisco CMX releases 10.6.0, 10.6.1, and 10.6.2 Link
Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-1647
In-the-wild 7.8 Jan 12, 2021 Windows Defender Link
Laravel Ignition Unauthenticated Arbitrary Remote Code Execution Vulnerability
CVE-2021-3129
POC Exploit Code Available 9.8 Jan 12, 2021 Laravel before 8.4.2 Link
Android Out of Bounds Write Remote Code Execution Vulnerability
CVE-2021-3007
Unknown 9.8 Jan 4, 2021 AOSP 8.0, 8.1, 9, 10, 11 Link