SOCRadar, the extended cyber threat intelligence (XTI) platform, provides vulnerability intelligence for the security operations team who can search for recent critical vulnerabilities exploited in the wild by the threat actors. SOCRadar also provides an External Attack Surface Management suite that helps cybersecurity teams to identify vulnerable assets in their internet-facing network. We select and display critical vulnerabilities below that are popular in the hacker community.
Get free access to SOCRadar XTI to start using vulnerability intelligence now.
Get Free Access| Vulnerability | CVSSv3 | Release Date | Products | References |
| Cisco SD-WAN CLI path traversal | Oct 1, 2022 | (8.1) | Cisco SD-WAN CLI | Link |
| Cisco SD-WAN CLI path traversal | Oct 1, 2022 | (8.1) | Cisco SD-WAN CLI | Link |
| Veritas NetBackup NBFSMCLIENT Service sql injection | Oct 3, 2022 | (8.1) | Veritas NetBackup | Link |
| Axiomatic Bento4 mp4mux ReadBit out-of-bounds write | Oct 3, 2022 | (7.5) | Axiomatic Bento4 | Link |
| Aruba InstantOS/ArubaOS PAPI Protocol buffer overflow | Oct 5, 2022 | (9.4) | Aruba InstantOS | Link |
| BD Totalys MultiProcessor hard-coded credentials | Oct 5, 2022 | (7.7) | BD Totalys | Link |
| Cisco TelePresence CE Version Control unknown vulnerability | Oct 6, 2022 | (8.4) | Cisco Telepresence | Link |
| Generex CS141 Web Interface gxserve-update.sh run_update Privilege Escalation | Oct 6, 2022 | (8.0) | Generex CS141 | Link |
| Fortinet FortiOS/FortiProxy Administrative Interface improper authorization | Oct 7, 2022 | (9.4) | Fortinet FotiOS | Link |
| ToolJet Invite privileges management | Oct 7, 2022 | (8.4) | ToolJet | Link |
| Panini Everest Engine Everest.exe untrusted search path | Oct 8, 2022 | (8.5) | Panini Everest | Link |
| Trend Micro Apex One Security Agent certificate validation | Oct 8, 2022 | (8.4) | Trend Micro | Link |
| puppetlabs-apt os command injection | Oct 8, 2022 | (7.6) | Puppetlabs-apt | Link |
| puppetlabs-mysql os command injection | Oct 8, 2022 | (7.6) | Puppetlabs-mysql | Link |
| Fortinet FortiOS CLI Command os command injection | Oct 10, 2022 | (8.9) | Fortinet FotiOS | Link |
| Dell Container Storage Modules goiscsi/gobrick os command injection | Oct 11, 2022 | (9.8) | Dell Container | Link |
| Dell Container Storage Modules goiscsi/gobrick os command injection | Oct 11, 2022 | (8.8) | Dell Container | Link |
| Microsoft Windows Local Security Authority Privilege Escalation | Oct 11, 2022 | (8.2) | Microsoft Windows Local Security | Link |
| Microsoft Windows ODBC Driver Remote Code Execution | Oct 11, 2022 | (7.7) | Microsoft Windows ODBC | Link |
| Microsoft Windows Server Service Privilege Escalation | Oct 11, 2022 | (7.7) | Microsoft Windows Server | Link |
| Array Networks ArrayOS command injection | Oct 13, 2022 | (8.4) | Array Networks | Link |
| Dell GeoDrive unquoted search path | Oct 13, 2022 | (7.6) | Dell GeoDrive | Link |
| PerFact OpenVPN Client Config Command unknown vulnerability | Oct 14, 2022 | (8.6) | Perfect Openvpn | Link |
| Huawei HarmonyOS MPTCP Module out-of-bounds write | Oct 14, 2022 | (7.8) | Huawei HarmonyOS | Link |
| Google Android HTBLogKM out-of-bounds write | Oct 14, 2022 | (7.5) | Google Android | Link |
| Adobe ColdFusion stack-based overflow | Oct 15, 2022 | (8.4) | Adobe | Link |
| Adobe ColdFusion heap-based overflow | Oct 15, 2022 | (8.4) | Adobe | Link |
| OpenHarmony Startup Subsystem improper authentication | Oct 15, 2022 | (8.1) | OpenHarmony | Link |
| Fortinet FortiTester Telnet Login os command injection | Oct 18, 2022 | (9.8) | Fortinet FortiTester | Link |
| Fortinet FortiTester SSH Login os command injection | Oct 18, 2022 | (9.8) | Fortinet | Link |
| D-Link Router lighttpd stack-based overflow | Oct 18, 2022 | (9.4) | D-Link | Link |
| D-Link DIR-2150 xupnpd command injection | Oct 18, 2022 | (9.4) | D-Link | Link |
| D-Link DIR-2150 xupnpd_generic command injection | Oct 18, 2022 | (9.4) | D-Link | Link |
| Windscribe uncontrolled search path | Oct 18, 2022 | (8.4) | Windscribe | Link |
| Linux Kernel nft_object use after free | Oct 18, 2022 | (8.4) | Linux Kernel | Link |
| D-Link DIR-2150 xupnpd ui_upload command injection | Oct 18, 2022 | (8.4) | D-Link | Link |
| D-Link DIR-2150 anweb websocket_data_handler stack-based overflow | Oct 18, 2022 | (8.4) | D-Link | Link |
| AVEVA Edge uncontrolled search path | Oct 18, 2022 | (8.4) | AVEVA | Link |
| AVEVA Edge SetBytesToManagedControl deserialization | Oct 18, 2022 | (8.4) | AVEVA | Link |
| OPC Labs QuickOPC deserialization | Oct 18, 2022 | (8.4) | OPC | Link |
| Apple macOS Remote Event memory corruption | Oct 18, 2022 | (7.7) | Apple Macos | Link |
| D-Link DIR-2150 anweb action_handler stack-based overflow | Oct 18, 2022 | (7.6) | D-Link | Link |
| Qualcomm Snapdragon Auto WLAN memory corruption | Oct 19, 2022 | (9.6) | Qualcomm | Link |
| Qualcomm Snapdragon Auto WLAN integer overflow | Oct 19, 2022 | (9.6) | Qualcomm | Link |
| Qualcomm Snapdragon Mobile Multimedia use after free | Oct 19, 2022 | (7.9) | Qualcomm | Link |
| Qualcomm Snapdragon Mobile BTHOST memory corruption | Oct 19, 2022 | (7.9) | Qualcomm | Link |
| Qualcomm Snapdragon Auto Automotive Multimedia memory corruption | Oct 19, 2022 | (7.9) | Qualcomm | Link |
| Qualcomm Snapdragon Auto Metadata memory corruption | Oct 19, 2022 | (7.9) | Qualcomm | Link |
| Nginx Plus ngx_http_hls_module out-of-bounds write | Oct 20, 2022 | (7.7) | Nginx | Link |
| ORing IAP-420 Telnet Server hard-coded credentials | Oct 21, 2022 | (9.2) | ORing | Link |
| Linux Kernel API io_uring Privilege Escalation | Oct 21, 2022 | (8.4) | Linux | Link |
| Aethon TUG Home Base Server authorization | Oct 21, 2022 | (7.6) | Aethon | Link |
| Aethon TUG Home Base Server channel accessible | Oct 21, 2022 | (7.6) | Aethon | Link |
| Aethon TUG Home Base Server authorization | Oct 21, 2022 | (7.6) | Aethon | Link |
| Lanner IAC-AST2500A spx_restservice Login_handler_func out-of-bounds write | Oct 24, 2022 | (9.9) | Lanner | Link |
| Lanner IAC-AST2500A spx_restservice SubNet_handler_func out-of-bounds write | Oct 24, 2022 | (9.9) | Lanner | Link |
| Lanner IAC-AST2500A spx_restservice KillDupUsr_func out-of-bounds write | Oct 24, 2022 | (9.8) | Lanner | Link |
| Lanner IAC-AST2500A spx_restservice Login_handler_func stack-based overflow | Oct 24, 2022 | (9.8) | Lanner | Link |
| Lanner IAC-AST2500A spx_restservice modifyUserb_func stack-based overflow | Oct 24, 2022 | (9.4) | Lanner | Link |
| Apache Heron Log injection | Oct 24, 2022 | (8.4) | Apache | Link |
| pikepdf PDF XMP Metadata Parser xml external entity reference | Oct 24, 2022 | (8.4) | Pikepdf | Link |
| Sony Content Transfer untrusted search path | Oct 24, 2022 | (8.2) | Sony | Link |
| Lanner IAC-AST2500A session fixiation | Oct 24, 2022 | (7.6) | Lanner | Link |
| Abode iota All-In-One Security Kit XCMD stack-based overflow | Oct 25, 2022 | (9.7) | Abode | Link |
| Abode iota All-In-One Security Kit Telnet hard-coded credentials | Oct 25, 2022 | (9.6) | Abode | Link |
| Abode iota All-In-One Security Kit XCMD getVarHA format string | Oct 25, 2022 | (8.4) | Abode | Link |
| Dataease MySQL Connection Parameter JdbcProvider.java deserialization | Oct 25, 2022 | (8.4) | Dataease MySQL | Link |
| Abode iota All-In-One Security Kit HTTP Request wirelessConnect os command injection | Oct 25, 2022 | (8.0) | Abode | Link |
| Microsoft Azure CLI code injection | Oct 25, 2022 | (7.7) | Microsoft Azure | Link |
| Abode iota All-In-One Security Kit XCMD ghome_process_control_packet format string | Oct 25, 2022 | (7.6) | Abode | Link |
| Abode iota All-In-One Security Kit XCMD testWifiAP format string | Oct 25, 2022 | (7.6) | Abode | Link |
| Socket.io JS Library Attachment Parser sql injection | Oct 26, 2022 | (8.5) | Socket.io | Link |
| OX Software OX App Suite Ghostscript os command injection | Oct 26, 2022 | (8.4) | OX Software | Link |
| Zalando Skipper server-side request forgery | Oct 26, 2022 | (7.9) | Zalando | Link |
| Delta Electronics InfraSuite Device Master CtrlLayerNWCmd_FileOperation pathname traversal | Oct 27, 2022 | (9.4) | Delta Electronics | Link |
| Delta Electronics InfraSuite Device Master ExeCommandInCommandLineMode improper authentication | Oct 27, 2022 | (9.4) | Delta Electronics | Link |
| Delta Electronics InfraSuite Device Master CheckLoadingStartupConfig pathname traversal | Oct 27, 2022 | (9.4) | Delta Electronics | Link |
| Delta Electronics InfraSuite Device Master Device-Gateway Service deserialization | Oct 27, 2022 | (9.4) | Delta Electronics | Link |
| Delta Electronics InfraSuite Device Master AddNewUser improper authentication | Oct 27, 2022 | (9.4) | Delta Electronics | Link |
| Delta Electronics InfraSuite Device Master Device-DataCollect Service deserialization | Oct 27, 2022 | (9.0) | Delta Electronics | Link |
| Delta Electronics InfraSuite Device Master DeSerializeBinary deserialization | Oct 27, 2022 | (8.4) | Delta Electronics | Link |
| Delta Electronics InfraSuite Device Master ModifyPrivByID improper authentication | Oct 27, 2022 | (8.4) | Delta Electronics | Link |
| Pimcore Twig Template code injection | Oct 27, 2022 | (8.4) | Pimcore | Link |
| OpenBMC bmcweb multipart_parser heap-based overflow | Oct 27, 2022 | (7.7) | OpenBMC | Link |
| OpenBMC bmcweb HTTP Header multipart_parser memory corruption | Oct 27, 2022 | (7.7) | OpenBMC | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References |
| AutomationDirect DirectLOGIC Installation uncontrolled search path | Sep 1, 2022 | (8.1) | AutomationDirect | Link |
| Contiki-NG IPv6 Packet uipbuf.c uipbuf_get_next_header buffer overflow | Sep 1, 2022 | (7.7) | Contiki-NG | Link |
| Qualcomm Snapdragon Connectivity/Snapdragon Mobile Bluetooth Host stack-based overflow | Sep 2, 2022 | (8.4) | Qualcomm | Link |
| Qualcomm Snapdragon Auto IO Space xPUs permission | Sep 2, 2022 | (8.2) | Qualcomm | Link |
| Qualcomm Snapdragon Auto Multimedia memory corruption | Sep 2, 2022 | (7.9) | Qualcomm | Link |
| Qualcomm Snapdragon Auto DSP Service out-of-bounds write | Sep 2, 2022 | (7.9) | Qualcomm | Link |
| Qualcomm Snapdragon Connectivity ELF Header memory corruption | Sep 2, 2022 | (7.9) | Qualcomm | Link |
| Qualcomm Snapdragon Auto Video File Parser out-of-bounds | Sep 2, 2022 | (7.9) | Qualcomm | Link |
| Qualcomm Snapdragon Auto PCM Routing Process memory corruption | Sep 2, 2022 | (7.9) | Qualcomm | Link |
| Qualcomm Snapdragon Consumer IOT Graphic Driver use after free | Sep 2, 2022 | (7.9) | Qualcomm | Link |
| Qualcomm Snapdragon Auto Multimedia Driver memory corruption | Sep 2, 2022 | (7.9) | Qualcomm | Link |
| Qualcomm Snapdragon Auto Multimedia memory corruption | Sep 2, 2022 | (7.9) | Qualcomm | Link |
| Qualcomm Snapdragon Auto RPMB cryptographic issues | Sep 2, 2022 | (7.6) | Qualcomm | Link |
| Qualcomm Snapdragon Auto APR Routing Table memory corruption | Sep 2, 2022 | (7.6) | Qualcomm | Link |
| SFTPGo Two-factor Authentication improper authentication | Sep 2, 2022 | (7.6) | SFTPGo | Link |
| ZyXEL NAS326/NAS540/NAS542 UDP Packet format string | Sep 6, 2022 | (9.6) | ZyXEL | Link |
| BitDefender GravityZone Console On-Premise Message deserialization | Sep 6, 2022 | (8.6) | BitDefender | Link |
| Indy Node pool-upgrade Request improper authentication | Sep 6, 2022 | (7.9) | Indy | Link |
| Outbyte PC Repair Installation File iertutil.dll uncontrolled search path | Sep 7, 2022 | (8.5) | Outbyte PC Repair | Link |
| ActivityWatch authentication spoofing | Sep 7, 2022 | (7.9) | ActivityWatch | Link |
| phpfusion unverified password change | Sep 7, 2022 | (7.8) | Phpfusion | Link |
| QNAP QTS Photo Station external reference | Sep 8, 2022 | (9.7) | QNAP QTS | Link |
| ikus060 rdiffweb improper restriction of rendered ui layers | Sep 9, 2022 | (8.0) | ikus060 | Link |
| Wiki UI Main Wiki code injection | Sep 9, 2022 | (7.9) | Wiki Ul Main | Link |
| XWiki Platform Applications Tag code injection | Sep 9, 2022 | (7.9) | XWiki | Link |
| cruddl Schema special elements in data query logic | Sep 9, 2022 | (7.9) | Cruddl | Link |
| Fortinet FortiSOAR HTTP GET Request os command injection | Sep 9, 2022 | (7.8) | Fortinet | Link |
| XWiki Platform Web Templates Email Verification authentication bypass | Sep 9, 2022 | (7.7) | XWiki | Link |
| MZ Automation libIEC61850 memcpy stack-based overflow | Sep 10, 2022 | (9.4) | Automation libIEC61850 | Link |
| MZ Automation libIEC61850 stack-based overflow | Sep 10, 2022 | (9.4) | Automation libIEC61850 | Link |
| Microsoft Windows Enterprise App Management Service Privilege Escalation | Sep 13, 2022 | (7.8) | Microsoft Windows | Link |
| Microsoft Windows ODBC Driver Remote Code Execution | Sep 13, 2022 | (7.7) | Microsoft Windows | Link |
| Microsoft Windows OLE DB Provider for SQL Server Remote Code Execution | Sep 13, 2022 | (7.7) | Microsoft Windows | Link |
| Microsoft Dynamics CRM Privilege Escalation | Sep 13, 2022 | (7.7) | Microsoft Windows | Link |
| Microsoft SharePoint Server Privilege Escalation | Sep 13, 2022 | (7.7) | Microsoft Windows | Link |
| Onedev Docker Socket docker.sock external reference | Sep 14, 2022 | (9.1) | Onedev Docker | Link |
| Crestron AirMedia Installation permission | Sep 14, 2022 | (8.8) | Crestron AirMedia | Link |
| ionicabizau parse-url server-side request forgery | Sep 14, 2022 | (8.0) | İonicabizau | Link |
| EZVIZ CS-CV248 Motion Detection stack-based overflow | Sep 15, 2022 | (9.1) | EZVIZ CS-CV248 | Link |
| ionicabizau parse-url interpretation input | Sep 15, 2022 | (8.2) | İonicabizau | Link |
| Qualcomm Snapdragon Connectivity/Snapdragon Mobile WLAN Key Parser memory corruption | Sep 16, 2022 | (9.6) | Qualcomm Snapdragon | Link |
| Zoom On-Premise Meeting Connector MMR access control | Sep 17, 2022 | (7.6) | Zoom | Link |
| Suprema Bio Star PUT Request access control | Sep 20, 2022 | (8.8) | Suprema Bio | Link |
| Kayrasoft sql injection | Sep 20, 2022 | (8.2) | Kayrasoft | Link |
| ForgeRock IDM/Java Remote Connector Server LDAP Connector access control | Sep 20, 2022 | (7.6) | ForgeRock | Link |
| Aruba ClearPass Policy Manager OnGuard Agent Privilege Escalation | Sep 21, 2022 | (8.8) | Aruba ClearPass | Link |
| UI Desktop access control | Sep 23, 2022 | (8.8) | UI Desktop | Link |
| Sophos Firewall User Portal/Webadmin code injection | Sep 23, 2022 | (8.5) | Sophos Firewall | Link |
| FFmpeg build_open_gop_key_points heap-based overflow | Sep 23, 2022 | (7.5) | FFmpeg | Link |
| Grandstream GSD3710 strcopy stack-based overflow | Sep 24, 2022 | (9.3) | Grandstream | Link |
| Measuresoft ScadaPro Server access control | Sep 24, 2022 | (8.2) | Measuresoft | Link |
| Synacor Zimbra Collaboration Suite Nginx permission | Sep 26, 2022 | (8.8) | Synacor | Link |
| Contec FXA3200 Wireless LAN Manager Interface mnt_cmd.cgi permission | Sep 26, 2022 | (8.0) | Contec FXA3200 | Link |
| NuProcess Command Line Argument Java_java_lang_UNIXProcess_forkAndExec command injection | Sep 27, 2022 | (8.4) | NuProcess | Link |
| Qualcomm Snapdragon Auto ION use after free | Sep 27, 2022 | (7.9) | Qualcomm Snapdragon | Link |
| Mist Command-Line Interface permission | Sep 27, 2022 | (7.5) | Mist Command-Line | Link |
| Carlo Gavazzi UWP/CPY Car Park Server path traversal | Sep 28, 2022 | (9.6) | Carlo Gavazzi | Link |
| Carlo Gavazzi UWP/CPY Car Park Server hard-coded credentials | Sep 28, 2022 | (9.6) | Carlo Gavazzi | Link |
| Carlo Gavazzi UWP/CPY Car Park Server hard-coded credentials | Sep 28, 2022 | (9.6) | Carlo Gavazzi | Link |
| Carlo Gavazzi UWP/CPY Car Park Server API missing authentication | Sep 28, 2022 | (9.6) | Carlo Gavazzi | Link |
| Carlo Gavazzi UWP/CPY Car Park Server API Parameter os command injection | Sep 28, 2022 | (9.6) | Carlo Gavazzi | Link |
| Check Point ZoneAlarm Extreme Security Updates permission | Sep 28, 2022 | (8.4) | Check Point | Link |
| Mozilla Firefox Maintenance Service toctou | Sep 29, 2022 | (8.4) | Mozilla Firefox | Link |
| Mozilla Thunderbird Maintenance Service toctou | Sep 29, 2022 | (8.4) | Mozilla Thunderbird | Link |
| matrix-js-sdk Verification key exchange without entity authentication | Sep 29, 2022 | (7.8) | matrix-js-sdk | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References |
| kromitgmbh titra improper authorization | Aug 1, 2022 | (8.4) | Kromitgmbh titra | Link |
| Shescape Regular Expression escapeAll injection | Aug 2, 2022 | (8.4) | Shescape | Link |
| fs2 certificate validation | Aug 2, 2022 | (8.0) | fs2 certificate | Link |
| CVAT server-side request forgery | Aug 2, 2022 | (7.8) | CVAT | Link |
| VMware Workspace ONE Access improper authentication | Aug 3, 2022 | (9.4) | VMware Workspace | Link |
| monorepo-build Remote Code Execution | Aug 3, 2022 | (8.4) | Monorepo | Link |
| image-tiler Remote Code Execution | Aug 3, 2022 | (8.4) | İmage-tiler | Link |
| tooljet access control | Aug 3, 2022 | (8.4) | Tooljet | Link |
| gitblame gitblame.js injection | Aug 3, 2022 | (8.2) | Gitblame | Link |
| heroku-env get.js injection | Aug 3, 2022 | (8.2) | Heroku | Link |
| npos-tesseract ocr.js injection | Aug 3, 2022 | (8.2) | npos-tesseract | Link |
| NHI Card Network Packet stack-based overflow | Aug 3, 2022 | (7.7) | NHI Card Network | Link |
| OMICARD EDM hard-coded credentials | Aug 4, 2022 | (9.6) | OMICARD | Link |
| DevExpress SafeBinaryFormatter deserialization | Aug 4, 2022 | (8.6) | DevExpress | Link |
| Vinchin Backup and Recovery hard-coded credentials | Aug 4, 2022 | (8.5) | Vinchin | Link |
| Sante PACS Server sql injection | Aug 4, 2022 | (8.4) | Sante PACS | Link |
| OMICARD EDM API Function sql injection | Aug 4, 2022 | (8.4) | OMICARD EDM API | Link |
| Sante DICOM Viewer Pro J2K File Parser out-of-bounds write | Aug 4, 2022 | (8.3) | Sante DICOM | Link |
| KVM use after free | Aug 5, 2022 | (7.8) | KVM | Link |
| Samsung Baseband heap-based overflow | Aug 5, 2022 | (7.8) | Samsung | Link |
| Ethermint exposure of resource | Aug 5, 2022 | (7.6) | Ethermint | Link |
| TCL LinkHub Mesh Wi-Fi MS1G Configuration logserver GetValue buffer overflow | Aug 6, 2022 | (9.2) | TCL LinkHub | Link |
| TCL LinkHub Mesh Wi-Fi MS1G Network ucloud_del_node access control | Aug 6, 2022 | (9.2) | TCL LinkHub | Link |
| TCL LinkHub Mesh Wi-Fi MS1G Network Packet addTimeGroup stack-based overflow | Aug 6, 2022 | (8.8) | TCL LinkHub | Link |
| TCL LinkHub Mesh Wi-Fi MS1G Network confctl_set_guest_wlan denial of service | Aug 6, 2022 | (8.8) | TCL LinkHub | Link |
| Microsoft Windows SMB Remote Code Execution | Aug 9, 2022 | (7.7) | Microsoft Wİndows | Link |
| KUKA V-KSS Robot Configuration missing authentication | Aug 10, 2022 | (9.6) | KUKA V-KSS | Link |
| Cisco Small Business RV345 buffer overflow | Aug 10, 2022 | (9.4) | Cisco Small | Link |
| Siemens SCALANCE XR-500 injection | Aug 10, 2022 | (8.4) | Siemens | Link |
| Cisco Small Business RV345 buffer overflow | Aug 10, 2022 | (8.3) | Cisco Small | Link |
| Cisco Small Business RV345 buffer overflow | Aug 10, 2022 | (8.3) | Cisco Small | Link |
| ClamAV Antivirus Regex Module out-of-bounds | Aug 10, 2022 | (8.3) | ClamAV | Link |
| mc-kill-port kill Local Privilege Escalation | Aug 10, 2022 | (7.6) | mc-kill-port | Link |
| B&R Studio input validation | Aug 11, 2022 | (8.2) | B&R | Link |
| Zoom Client for Meetings URL Parser input validation | Aug 11, 2022 | (7.8) | Zoom | Link |
| loopback-connector-postgresql sql injection | Aug 13, 2022 | (7.6) | Postgrsql | Link |
| Cockpit authentication bypass | Aug 15, 2022 | (8.4) | Cockbit | Link |
| nameless missing critical step in authentication | Aug 15, 2022 | (8.4) | Nameless | Link |
| Zoom Client for Meetings signature verification | Aug 16, 2022 | (8.6) | Zoom | Link |
| oxyno-zeta react-editable-json-tree neutralization of directives | Aug 16, 2022 | (7.7) | Oxyno-zeta | Link |
| Emerson ControlWave BSAP-IP Protocol integrity check | Aug 17, 2022 | (9.6) | Emerson ControlWave | Link |
| GOG Galaxy GOG.com permission | Aug 17, 2022 | (8.8) | GOG Galaxy | Link |
| Sequi PortBloque S Requests improper authorization | Aug 17, 2022 | (8.0) | Sequi PortBloque | Link |
| Sequi PortBloque S improper authentication | Aug 17, 2022 | (7.8) | Sequi PortBloque | Link |
| Device42 CMDB db_optimize os command injection | Aug 17, 2022 | (7.6) | Device42 CMDB | Link |
| Zoom Rooms for Conference Rooms signature verification | Aug 18, 2022 | (8.4) | Zoom | Link |
| Qualys Cloud Agent access control | Aug 18, 2022 | (8.4) | Qualys Cloud Agent | Link |
| Cisco Secure Web Appliance HTTP os command injection | Aug 19, 2022 | (8.4) | Cisco Secure | Link |
| Project-Nexus sql injection | Aug 20, 2022 | (8.5) | Project-Nexus | Link |
| IBM MQ XML Data xml external entity reference | Aug 20, 2022 | (7.6) | IBM MQ | Link |
| MA Lighting grandMA2 Light hard-coded credentials | Aug 21, 2022 | (8.8) | MA Lighting | Link |
| Linux Kernel eBPF out-of-bounds write | Aug 24, 2022 | (8.6) | Linux Kernel | Link |
| mySCADA myPRO command injection | Aug 24, 2022 | (8.4) | mySCADA myPRO | Link |
| Measuresoft ScadaPro Server ActiveX Control out-of-bounds write | Aug 24, 2022 | (8.4) | Measuresoft Scada Pro | Link |
| Linux Kernel NILFS File System inode.c security_inode_alloc use after free | Aug 24, 2022 | (8.4) | Linux Kernel | Link |
| Linksys MR8300 DDNS Service os command injection | Aug 24, 2022 | (7.7) | Linksys MR8300 | Link |
| Cisco NX-OS/FXOS Discovery Protocol Packet stack-based overflow | Aug 25, 2022 | (8.6) | Cisco | Link |
| Linux Kernel Pipe Buffer pipe_resize_ring locking | Aug 25, 2022 | (8.4) | Linux Kernel | Link |
| Linux Kernel LightNVM Subsystem heap-based overflow | Aug 25, 2022 | (8.4) | Linux Kernel | Link |
| RPM link following | Aug 26, 2022 | (8.4) | RPM | Link |
| Linux Kernel SUID/GUID begin_new_exec permission | Aug 26, 2022 | (8.4) | Linux Kernel | Link |
| Linux Kernel PLP Rose rose_bind use after free | Aug 29, 2022 | (8.5) | Linux Kernel | Link |
| Linux Kernel io_uring Subsystem io_uring.c io_register_personality use after free | Aug 29, 2022 | (8.4) | Linux Kernel | Link |
| Hytec Inter HWL-2511-SS Command Line Interface command injection | Aug 30, 2022 | (8.5) | Hytec | Link |
| Le-yan Personnel and Salary Management System hard-coded credentials | Aug 30, 2022 | (8.4) | Le-yan | Link |
| Patlite NH-FB Firmware unrestricted upload | Aug 30, 2022 | (7.7) | Patlite | Link |
| Dell Container Storage Modules goiscsi/gobrick os command injection | Aug 31, 2022 | (8.8) | Dell | Link |
| Dell EMC SmartFabric os command injection | Aug 31, 2022 | (7.9) | Dell | Link |
| Dell Container Storage Modules goiscsi/gobrick path traversal | Aug 31, 2022 | (7.5) | Dell | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References |
| OpenSSL RSA Private Key rsaz_exp_x2.c ossl_rsaz_mod_exp_avx512_x2 memory corruption | July 1, 2022 | (9.4) | OpenSSL | Link |
| SaltStack Salt improper authorization | July 1, 2022 | (8.0) | SaltStack | Link |
| Distributed Data Systems WebHMI os command injection | July 2, 2022 | (8.0) | Distrubuted Data System | Link |
| Nokia DGX A100 BiosCfgTool memory corruption | July 2, 2022 | (8.0) | Nokia | Link |
| GitLab Project Import Privilege Escalation | July 2, 2022 | (7.9) | GitLab | Link |
| git-clone command injection | July 2, 2022 | (7.6) | git-clone | Link |
| Home Spot Cube2 DHCP Server Reply os command injection | July 3, 2022 | (8.5) | Home Spot Cube2 | Link |
| Linux Kernel User Namespace nf_tables_api.c nft_set_elem_init type confusion | July 5, 2022 | (8.4) | Linux Kernel | Link |
| IOBit Advanced System Care/Action Download Center Asc.exe permission | July 6, 2022 | (8.5) | IOBit | Link |
| MediaTek MT8797 Modem out-of-bounds write | July 6, 2022 | (8.4) | MediaTek | Link |
| IOBit Advanced System Care/Driver Booster Update Procedure data authenticity | July 6, 2022 | (7.8) | IOBit | Link |
| MediaTek MT8797 Modem 2G RR out-of-bounds write | July 6, 2022 | (7.7) | MediaTek | Link |
| CWP command injection | July 7, 2022 | (7.7) | CWP | Link |
| Dell EMC Storage Cloud Mobility Remote Code Execution | July 8, 2022 | (8.9) | Dell EMC | Link |
| atoms183 CMS product_admin.php sql injection | July 8, 2022 | (8.0) | Atoms183 CMS | Link |
| HPE IceWall SSO sql injection | July 8, 2022 | (7.9) | HPE | Link |
| Dell EMC PowerProtect Cyber Recovery access control | July 8, 2022 | (7.6) | Dell EMC | Link |
| Keycloak authorization | July 8, 2022 | (7.6) | Keycloak | Link |
| Hap-WI Roxy-WI options.py subprocess_execute os command injection | July 9, 2022 | (9.4) | Hap-WI Roxy-WI | Link |
| rpc.py HTTP Header deserialization | July 9, 2022 | (8.2) | Rpc | Link |
| Lenze cabinet c520/cabinet c550/cabinet c750 Password Verification missing critical step in authentication | July 11, 2022 | (9.6) | Lenze cabinet | Link |
| Microsoft Azure Site Recovery VMWare to Azure Remote Code Execution | July 12, 2022 | (8.1) | Microsoft Azure | Link |
| Microsoft Windows Shell Privilege Escalation | July 12, 2022 | (7.8) | Microsoft Windows Shell | Link |
| Kubernetes aws-iam-authenticator access control | July 12, 2022 | (7.7) | Kubernetes | Link |
| Microsoft Azure Site Recovery VMWare to Azure Privilege Escalation | July 12, 2022 | (7.6) | Microsoft AZure | Link |
| Pyramid EtherNet-IP Adapter Development Kit Packet out-of-bounds write | July 13, 2022 | (9.1) | Pyramid EtherNet-IP | Link |
| Verizon 5G Home LVSKIHP InDoorUnit crtcrpc JSON Listener crtcmode.sh enable_ssh os command injection | July 14, 2022 | (8.5) | Verizon 5G Home | Link |
| 5G Home LVSKIHP InDoorUnit crtcrpc JSON Listener crtc.lua crtcreadpartition os command injection | July 14, 2022 | (8.5) | 5G Home | Link |
| Verizon 5G Home LVSKIHP OutDoorUnit crtcrpc JSON Listener rpc.lua crtcswitchsimprofile os command injection | July 14, 2022 | (8.5) | Verizon 5G Home | Link |
| Verizon 5G Home LVSKIHP OutDoorUnit RPC Endpoint wnc_crtc_fw.sh crtc_fw_upgrade Privilege Escalation | July 14, 2022 | (8.0) | Verizon 5G Home | Link |
| Verizon 5G Home LVSKIHP InDoorUnit RPC Endpoint crtc.lua crtcfwimage unrestricted upload | July 14, 2022 | (8.0) | Verizon 5G Home | Link |
| Verizon 5G Home LVSKIHP OutDoorUnit Settings Page settings.lua os command injection | July 14, 2022 | (7.7) | Verizon 5G Home | Link |
| Hap-WI Roxy-WI options.py subprocess_execute command injection | July 16, 2022 | (8.5) | Hap-WI Roxy-WI | Link |
| Parallels Desktop HDAudio Virtual Device buffer overflow | July 16, 2022 | (7.7) | Parallels Desktop HDAudio | Link |
| Infiray IRAY-A8Z3 strcpy buffer overflow | July 18, 2022 | (8.0) | Infiray IRAY | Link |
| QVIS NVR DVR sudo Configuration access control | July 18, 2022 | (7.6) | QVIS NVR DVR | Link |
| AnyDesk symlink | July 19, 2022 | (8.5) | AnyDesk | Link |
| Feed Them Social Plugin deserialization | July 19, 2022 | (8.4) | Feed Them Social Plugin | Link |
| Parallels Desktop permission assignment | July 19, 2022 | (8.3) | Parallels Desktop | Link |
| Parallels Access uncontrolled search path | July 19, 2022 | (8.3) | Parallels Desktop | Link |
| Fortinet FortiClient FortiESNAC Service path traversal | July 19, 2022 | (8.3) | Fortinet | Link |
| Parallels Access Desktop Control Agent service uncontrolled search path | July 19, 2022 | (8.3) | Parallels Access Desktop | Link |
| Parallels Desktop ACPI Virtual Device out-of-bounds | July 19, 2022 | (7.7) | Parallels Desktop ACPI | Link |
| Zyxel USG ZyWALL CLI Command privileges management | July 19, 2022 | (7.6) | Zyxel | Link |
| Yokogawa Passage Drive Interprocess Communication os command injection | July 20, 2022 | (8.8) | Yokogawa | Link |
| Pega Platform JMX Interface deserialization | July 20, 2022 | (8.5) | Pega Platform | Link |
| Digiwin BPM sql injection | July 20, 2022 | (8.4) | Digiwin | Link |
| openSUSE Tumbleweed keylime symlink | July 20, 2022 | (7.8) | openSUSE | Link |
| Fortinet FortiAP-U CLI CLI Command path traversal | July 20, 2022 | (7.8) | Fortinet | Link |
| Fortinet FortiClientWindows unnecessary privileges | July 20, 2022 | (7.8) | Fortinet | Link |
| Apple watchOS AppleAVD buffer overflow | July 21, 2022 | (9.4) | Apple | Link |
| Apple watchOS Wi-Fi memory corruption | July 21, 2022 | (9.4) | Apple | Link |
| Apple tvOS Wi-Fi Remote Code Execution | July 21, 2022 | (8.4) | Apple | Link |
| Advantech iView command injection | July 22, 2022 | (9.6) | Advantech iView | Link |
| Apple macOS Wi-Fi Remote Code Execution | July 22, 2022 | (9.4) | Apple | Link |
| Apple macOS Wi-Fi Remote Code Execution | July 22, 2022 | (9.4) | Apple | Link |
| Advantech iView sql injection | July 22, 2022 | (7.6) | Advantech iView | Link |
| Advantech iView missing authentication | July 22, 2022 | (7.6) | Advantech iView | Link |
| convert-svg-core SVG File code injection | July 23, 2022 | (7.9) | SVG File | Link |
| Atos Unify OpenScape SBC/OpenScape Branch/OpenScape BCF Remote Code Execution | July 25, 2022 | (8.4) | Atos Unify OpenScape | Link |
| ffmpeg-sdk index.js injection | July 25, 2022 | (8.2) | – | Link |
| Osamaesh WP Visitor Statistics Plugin sql injection | July 25, 2022 | (8.2) | Osamaesh WP Visitor | Link |
| Pega improper authorization | July 26, 2022 | (8.5) | Pega | Link |
| hestiacp os command injection | July 27, 2022 | (7.9) | Hestiacp | Link |
| Veritas NetBackup OpsCenter Java Classloader code injection | July 28, 2022 | (9.8) | Veritas | Link |
| Synology Media Server CGI buffer overflow | July 28, 2022 | (9.7) | Synology Media server | Link |
| Veritas NetBackup access control | July 28, 2022 | (9.3) | Veritas | Link |
| Veritas NetBackup access control | July 28, 2022 | (9.2) | Veritas | Link |
| Veritas NetBackup OpsCenter VxSS Subsystem hard-coded credentials | July 28, 2022 | (8.8) | Veritas | Link |
| Veritas NetBackup OpsCenter Remote Code Execution | July 28, 2022 | (8.7) | Veritas | Link |
| Veritas NetBackup OpsCenter Local Privilege Escalation | July 28, 2022 | (8.5) | Veritas | Link |
| Veritas NetBackup OpsCenter User Account access control | July 28, 2022 | (8.1) | Veritas | Link |
| Veritas Netbackup access control | July 28, 2022 | (7.9) | Veritas | Link |
| AVEVA Platform Common Services uncontrolled search path | July 28, 2022 | (7.9) | AVEVA Platform | Link |
| Veritas NetBackup access control | July 28, 2022 | (7.8) | Veritas | Link |
| Veritas NetBackup Privilege Escalation | July 28, 2022 | (7.7) | Veritas | Link |
| PHP libmagic finfo_buffer free of memory not on the heap | July 28, 2022 | (7.7) | PHP | Link |
| SonicWALL Analytics On-Prem sql injection | July 29, 2022 | (9.4) | SonicWall | Link |
| IBM PowerVM VIOS Remote Code Execution | July 29, 2022 | (9.3) | IBM PowerVM | Link |
| Ovarro TBox TG2 Configuration code injection | July 29, 2022 | (8.6) | Ovarro TBox | Link |
| Ovarro TBox TG2 Configuration File permission assignment | July 29, 2022 | (8.6) | Ovarro TBox | Link |
| Inavitas Solar Log sql injection | July 29, 2022 | (8.3) | Inavitas Solar | Link |
| HPE iLO 5 Remote Code Execution | July 31, 2022 | (8.4) | HPE iLO 5 | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References |
| Sofia-SIP SDP Message Parser heap-based overflow | June 1, 2022 | (8.0) | Sofia-SIP | Link |
| ramank775 Chat Server Access Token Validator this.authProvider.verifyAccessKey improper authentication | June 1, 2022 | (8.0) | Ramank775 | Link |
| Schneider Electric Wiser Smart missing encryption | June 3, 2022 | (7.7) | Schneider Electric | Link |
| eG Agent permission | June 3, 2022 | (7.6) | eG Agent | Link |
| Atlassian Confluence Server/Data Center OGNL injection | June 4, 2022 | (9.4) | Atlassian Confluence Server | Link |
| Dominion Democracy Suite Voting System ImageCast X certificate validation | June 5, 2022 | (8.1) | Dominion Democracy Suite Voting System | Link |
| HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Update buffer overflow | June 6, 2022 | (9.7) | HID Mercury | Link |
| HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Hostname protection mechanism | June 6, 2022 | (9.5) | HID Mercury | Link |
| HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Route edit_route.cgi os command injection | June 6, 2022 | (8.6) | HID Mercury | Link |
| HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Firmware Binary direct request | June 6, 2022 | (8.5) | HID Mercury | Link |
| HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 path traversal | June 6, 2022 | (8.0) | HID Mercury | Link |
| 3CX Phone System PhoneSystem Terminal improper authentication | June 7, 2022 | (8.8) | 3CX Phone System | Link |
| emicklei go-restful authorization | June 8, 2022 | (8.1) | Emicklei | Link |
| ToaruOS Kernel access control | June 8, 2022 | (7.7) | ToaruOS | Link |
| ITarian SAAS/On-Premise procedures security check for standard | June 9, 2022 | (9.1) | ITarian | Link |
| Linux Kernel File System Notification copy_event_to_user use after free | June 9, 2022 | (8.4) | Linux Kernel File System | Link |
| PJSIP STUN buffer overflow | June 9, 2022 | (8.4) | PJSIP | Link |
| ITarian Endpoint Manage Communication Client OpenSSL Configuration openssl.conf permission | June 9, 2022 | (8.1) | ITarian | Link |
| Firejail User Namespace join.c access control | June 9, 2022 | (7.9) | Firejail | Link |
| gogs os command injection | June 10, 2022 | (8.5) | gogs | Link |
| gogs path traversal | June 10, 2022 | (8.5) | gogs | Link |
| jgraph drawio code injection | June 10, 2022 | (8.3) | jgraph | Link |
| ToolJet Remote Code Execution | June 10, 2022 | (7.6) | ToolJet | Link |
| RealVNC VNC Server Installer Repair access control | June 11, 2022 | (8.4) | RealVNC | Link |
| Dell SupportAssist Client Consumer uncontrolled search path | June 11, 2022 | (8.3) | Dell Sport Asssist | Link |
| Linux Kernel Floating Point Register ptrace-fpu.c ptrace_get_fpr buffer overflow | June 11, 2022 | (7.6) | Linux Kernel | Link |
| Festo Controller CECC-X-M1 POST Request os command injection | June 13, 2022 | (9.6) | Festo Controller | Link |
| NAVER Cloud Explorer privileges management | June 13, 2022 | (8.8) | NAVER Cloud | Link |
| Microsoft Windows Network File System Remote Code Execution | June 14, 2022 | (8.9) | Microsoft Windows | Link |
| Microsoft Windows LDAP Remote Code Execution | June 14, 2022 | (8.1) | Microsoft Windows | Link |
| Microsoft SharePoint Server Privilege Escalation | June 14, 2022 | (8.1) | Microsoft Sharepoint Server | Link |
| Microsoft SharePoint Server Privilege Escalation | June 14, 2022 | (8.1) | Microsoft Sharepoint Server | Link |
| Microsoft Windows LDAP Remote Code Execution | June 14, 2022 | (8.1) | Microsoft Windows LDAP | Link |
| Microsoft Windows Kerberos AppContainer Privilege Escalation | June 14, 2022 | (8.0) | Microsoft Windows Kerberos | Link |
| Microsoft Windows Kerberos Privilege Escalation | June 14, 2022 | (7.7) | Microsoft Windows Kerberos | Link |
| Microsoft System Center Operations Manager Privilege Escalation | June 14, 2022 | (7.6) | Microsoft System Center Operations Manager | Link |
| Splunk Enterprise Forwarder Bundle access control | June 15, 2022 | (8.3) | Splunk | Link |
| PHP Parametrized Query uninitialized pointer | June 16, 2022 | (7.7) | PHP | Link |
| Anker Eufy Homebase mips_collector use after free | June 17, 2022 | (8.0) | Anker Eufy Hombase | Link |
| Parse Server Apple Game Center Auth Adapter improper authentication | June 17, 2022 | (7.8) | Apple Game Center | Link |
| polonel trudesk API incorrect privileged apis | June 20, 2022 | (8.5) | Polonel Trudesk | Link |
| polonel trudesk unrestricted upload | June 20, 2022 | (8.3) | Polonel Trudesk | Link |
| McAfee Consumer Product Removal Tool Configuration File permission | June 20, 2022 | (8.2) | McAfee | Link |
| McAfee Consumer Product Removal Tool uncontrolled search path | June 20, 2022 | (8.2) | McAfee | Link |
| Phoenix Contact Product data authenticity | June 21, 2022 | (9.6) | Phoenix | Link |
| Comodo Antivirus Quarantine access control | June 22, 2022 | (8.8) | Comodo Antivirus | Link |
| Red Hat Enterprise Linux Kernel hard-coded key | June 22, 2022 | (8.4) | RedHat Enterprise Linux | Link |
| Tenable Nessus PowerShell cmdlet Check access control | June 22, 2022 | (8.4) | Tenable Nessus | Link |
| SiHAS SGW-300/ACM-300/GCM-300 Firmware improper authentication | June 23, 2022 | (9.2) | SiHAS SGW-300/ACM-300/GCM-300 Firmware | Link |
| Pure Storage Purity FA/Purity FB Management Interface hard-coded credentials | June 23, 2022 | (8.4) | Pure Storage | Link |
| Pure Storage Purity FA/Purity FB Restricted Shell access control | June 23, 2022 | (7.6) | Pure Storage | Link |
| CODESYS Products Request unexpected sign extension | June 24, 2022 | (9.8) | CODESYS Products | Link |
| CODESYS PLCWinNT and Runtime Toolkit 32 Password Protection insecure default initialization of resource | June 24, 2022 | (9.6) | CODESYS PLCWinNT | Link |
| CODESYS Products Request heap-based overflow | June 24, 2022 | (8.8) | CODESYS Products | Link |
| CODESYS Products Local File out-of-range pointer offset | June 24, 2022 | (8.8) | CODESYS Products | Link |
| MELAG FTP Server unnecessary privileges | June 24, 2022 | (8.1) | Melag FTP | Link |
| Illumina Local Run Manager unrestricted upload | June 25, 2022 | (9.7) | Illumina | Link |
| Secheron SEPCOS behavioral workflow | June 25, 2022 | (9.4) | Secheron SEPCOS | Link |
| EagleGet Downloader luminati_net_updater_win_eagleget_com Privilege Escalation | June 25, 2022 | (8.8) | EagleGet | Link |
| Illumina Local Run Manager path traversal | June 25, 2022 | (8.5) | Illumina | Link |
| Secheron SEPCOS FTP Server access control | June 25, 2022 | (8.4) | Secheron SEPCOS | Link |
| Illumina Local Run Manager improper authorization | June 25, 2022 | (8.0) | Illumina | Link |
| ionicabizau parse-url server-side request forgery | June 27, 2022 | (8.2) | İonicabizau | Link |
| Douzone NeoRS ActiveX Module origin validation | June 28, 2022 | (8.1) | Douzone NeoRS | Link |
| LDAP Account Manager injection | June 28, 2022 | (7.6) | LDAP | Link |
| Clever underscore.deep deepFromFlat prototype pollution | June 28, 2022 | (7.6) | Clever DeepFromFlat | Link |
| Vulnerability | CVSSv3 | Release Date | Products | References |
| Bender CC612 SSH hard-coded password (CVE-2021-34601) | Apr 28, 2022 | (9.8) | Bender CC612 | Link |
| Bender CC612/CC613/ICC15xx/ICC16xx ifplugd unnecessary privileges (CVE-2021-34591) | Apr 28, 2022 | (7.6) | Bender CC612/CC613/ICC15xx/ICC16xx | Link |
| cifs-utils mount.cifs stack-based overflow (CVE-2022-27239) | Apr 28, 2022 | (7.5) | cifs-utils | Link |
| Bender CC612/CC613/ICC15xx/ICC16xx Web Interface os command injection (CVE-2021-34602) | Apr 28, 2022 | (8.6) | Bender CC612/CC613/ICC15xx/ICC16xx | Link |
| FreeRDP NTLM Authentication improper authentication ( CVE-2022-24882) | Apr 26, 2022 | (9.3) | FreeRDP up to 2.6.x | Link |
| Solana rBPF sdiv Instruction calculation (CVE-2022-23066) | May 9, 2022 | (9.3) | SOLANA RBPF | Link |
| Tecson Tankspion Endpoint improper authentication (CVE-2019-12254) | May 7, 2022 | (8.4) | TECSON TANKSPION ENDPOINT | Link |
| Splunk Enterprise Search Parameter injection (CVE-2022-26889) | May 7, 2022 | (7.9) | Splunk Enterprise | Link |
| QNAP QVR command injection (CVE-2022-27588) | May 6, 2022 | (9.6) | QNAP QVR PRIOR 5.1.6 | Link |
| ecdsautils CLI Command ecdsa_verify_list_legacy signature verification (CVE-2022-24884) | May 6, 2022 | (8.5) | ECDSAUTILS | Link |
| Flux/kustomize-controller kustomization.yaml path traversal (CVE-2022-24887) | May 6, 2022 | (7.9) | FLUX/KUSTOMIZE-CONTROLLER | Link |
| python-libnmap Remote Code Execution (CVE-2022-30284) | May 5, 2022 | (8.5) | Python | Link |
| clinical-genomics scout server-side request forgery (CVE-2022-1592) | May 5, 2022 | (8.2) | CLINICAL-GENOMICS SCOUT | Link |
| YetiForce CRM unrestricted upload (CVE-2022-1411) | May 5, 2022 | (7.5) | YETIFORCE CRM | Link |
| TIBCO Managed File Transfer Command Center DOM XML Parser/SAX XML Parser xml external entity reference (CVE-2022-22774) | May 10, 2022 | (7.9) | TIBCO | Link |
| D-Link DIR-882 Blink command injection (CVE-2022-28901) | May 10, 2022 | (8.0) | D-Link | Link |
| D-Link DIR-882 SubnetMask command injection (CVE-2022-28896) | May 10, 2022 | (8.0) | D-Link | Link |
| D-Link DIR-882 IPAddress command injection (CVE-2022-28895) | May 10, 2022 | (7.7) | D-Link | Link |
| alextselegidis easyappointments API privileges management (CVE-2022-1397) | May 10, 2022 | (8.6) | alextselegidis | Link |
| InHand InRouter302 Console Factory stack-based overflow (CVE-2022-26002) | May 12, 2022 | (8.1) | InHand | Link |
| InHand InRouter302 httpd libnvram.so nvram_import input validation (CVE-2022-26782) | May 12, 2022 | (9.3) | InHand | Link |
| InHand InRouter302 Network Request infactory_net os command injection (CVE-2022-26518) | May 12, 2022 | (9.3) | InHand | Link |
| InHand InRouter302 Console infactory_port os command injection (CVE-2022-26420) | May 12, 2022 | (9.3) | InHand | Link |
| InHand InRouter302 Console infactory_wlan os command injection (CVE-2022-26075) | May 12, 2022 | (9.3) | InHand | Link |
| Weintek cMT code injection (CVE-2021-27446) | May 17, 2022 | (9.7) | Weintek | Link |
| Trend Micro Password Manager link following (CVE-2022-30523) | May 17, 2022 | (8.8) | Trend Micro | Link |
| Weintek cMT access control (CVE-2021-27444) | May 17, 2022 | (8.4) | Weintek | Link |
| Linux Kernel sched Privilege Escalation (CVE-2022-29581) | May 17, 2022 | (8.1) | Linux kernel | Link |
| Linux Kernel io_uring integer overflow (CVE-2022-1116) | May 17, 2022 | (8.1) | Linux kernel | Link |
| Fidelis Network and Deception Web Interface os command injection (CVE-) | May 18, 2022 | (8.6) | Fidelis | Link |
| Fidelis Network and Deception CLI cert_utils os command injection | May 18, 2022 | (8.6) | Fidelis | Link |
| Fidelis Network and Deception CLI remote_text_file os command injection | May 18, 2022 | (8.6) | Fidelis | Link |
| Fidelis Network and Deception Web Interface os command injection | May 18, 2022 | (8.6) | Fidelis | Link |
| NVIDIA GPU Display Driver Kernel Mode Layer out-of-bounds read | May 18, 2022 | (8.1) | NVIDIA | Link |
| FlyteConsole Web User Interface server-side request forgery | May 18, 2022 | (8.0) | FlyteConsole | Link |
| Lenovo System Interface Foundation IMController toctou | May 20, 2022 | (7.5) | Lenova | Link |
| Lenovo System Interface Foundation IMController toctou | May 20, 2022 | (7.5) | Lenova | Link |
| Snow License Manager unquoted search path | May 20, 2022 | (7.5) | Snow | Link |
| Mitsubishi Electric Factory Automation Engineering permission | May 20, 2022 | (7.7) | Mitsubishi Electric | Link |
| Vmware Workspace ONE Access access control | May 21, 2022 | (8.4) | Vmware Workspace | Link |
| Vmware Workspace ONE Access improper authentication | May 21, 2022 | (9.4) | Vmware Workspace | Link |
| Nokogiri XML Parser/HTML4 SAX Parser #to_s memory corruption | May 21, 2022 | (7.6) | Nokogiri | Link |
| Rundeck hard-coded key | May 21, 2022 | (8.0) | Rundeck | Link |
| Argo CD improper authentication | May 21, 2022 | (8.5) | Argo CD | Link |
| Cilium default permission | May 21, 2022 | (8.6) | Cilium | Link |
| SOOTEWAY Wi-Fi Range Extender Telnet Service hard-coded credentials | May 21, 2022 | (9.8) | SOOTEWAY Wifi | Link |
| publify access control | May 22, 2022 | (7.9) | Publify | Link |
| publify unrestricted upload | May 24, 2022 | (7.5) | Publify | Link |
| Zyxel USG/ZyWALL packet-trace argument injection | May 24, 2022 | (7.8) | Zyxel | Link |
| Cognex In-Sight OPC Server deserialization | May 24, 2022 | (8.4) | Cognex | Link |
| Annke N48PBB stack-based overflow | May 24, 2022 | (9.4) | Annke | Link |
| Microsoft Azure RTOS USBX ux_device_class_dfu_control_request buffer overflow | May 25, 2022 | (9.6) | Microsoft Azure | Link |
| Open Automation OAS SecureTransferFiles missing authentication | May 26, 2022 | (8.2) | Open Automation | Link |
| Open Automation OAS REST API missing authentication | May 26, 2022 | (8.1) | Open Automation | Link |
| Archer Platform SSO ADFS access control | May 27, 2022 | (9.5) | Archer Platform | Link |
| protobufjs code injection | May 28, 2022 | (7.6) | Protobufjs | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
Zero-Day Remote code Execution Vulnerability in Palo Alto Firewalls Utilising the GlobalProtect VPN Component CVE-2021-3064 | Unknown | 9.8 | Nov 10, 2021 | Palo Alto Firewall Operating System PAN-OS 8.1 prior to 8.1.17 | Link |
Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability discovered by MSTIC CVE-2021-42321 | Exploited in the Tianfu Cup | 8.8 | Nov 9, 2021 | Microsoft Exchange Server | Link |
Microsoft Excel Security Feature Bypass Vulnerability discovered by MSTIC CVE-2021-42292 | In-the-wild | 7.8 | Nov 9, 2021 | Microsoft Office | Link |
Critical Citrix Unauthenticated Denial of Service (DDoS) Bug Shuting Down Network, Cloud App Access CVE-2021-22955 | Ongoing exploitation | N/A | Nov 9, 2021 | Citrix ADC | Citrix Gateway | Link |
Critical Remote Code Execution (RCE) in the Transparent Inter Process Communication (TIPC) Module of the Linux Kernel CVE-2021-43267 | Unknown | 9.8 | Nov 2, 2021 | Linux Kernel Versions between 5.10 and 5.15 | Link |
Google Android Zero-Day Use-After-Free (UAF) Bug Leading to a Local Escalation of Privilege in the Kernel CVE-2021-1048 | In-the-wild | 7.8 | Nov 1, 2021 | Android Kernel | Link |
‘Trojan Source’ Bugs of Unicode Bidirectional Algorithm (BiDi) CVE-2021-42574 | CVE-2021-42694 | POC Exploit Code Available | 9.8 | Nov 1, 2021 | Unicode Bidirectional Algorithm (BiDi) through Version 14.0 | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Cisco SD-WAN High-Severity Privilege Escalation Vulnerability Leading to Arbitrary Code Execution in the IOS IE Operating System
CVE-2021-1529 |
Unknown | 7.8 | Oct 20, 2021 | Cisco IOS XE Software | Cisco IOS XE SD-WAN Software | Link |
| RCE Vulnerability in The Trial Version of WinRAR
CVE-2021-35052 |
Unknown | N/A | Oct 20, 2021 | WinRAR Version 5.70 | Link |
| Google Chrome Critical Heap-Buffer-Overflow and Use-After-Free (UAF) Vulnerabilities
CVE-2021-37981 | CVE-2021-37984 | CVE-2021-37982 | CVE-2021-37983 | CVE-2021-37985 |
Unknown | N/A | Oct 19, 2021 | Google Chrome | Link |
| Microsoft Exchange Server Remote Code (RCE) Vulnerability found by NSA
CVE-2021-26427 |
Unknown | 9.0 | Oct 12, 2021 | Microsoft Exchange Server | Link |
| Windows Win32k Elevation of Privilege Zero-Day Vulnerability Used By MysterySnail RAT
CVE-2021-40449 |
In-the-wild | 7.8 | Oct 12, 2021 | All Supported Versions of Windows | Link |
| RCE Vulnerabilities on Microsoft SharePoint and Windows DNS Servers
CVE-2021-40487 | CVE-2021-40469 |
Unknown | 8.1 | Oct 12, 2021 | Microsoft SharePoint Versions | Windows DNS Server Versions | Link
Link |
| Apple iOS Remote Code Execution (RCE) Zero-Day Bug
CVE-2021-30883 |
In-the-wild | N/A | Oct 11, 2021 | iOS 15.0.2 and iPadOS 15.0.2 | Link |
| Path Traversal Zero Day and File Disclosure Vulnerability in Apache HTTP Server
CVE-2021-41773 | CVE-2021-42013 |
In-the-wild | 7.5 | Oct 4, 2021 | Apache HTTP Server 2.4.49 | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Second Pair of Google Chrome Use-after-free Zero Day Bugs in September CVE-2021-37975 | CVE-2021-37976 | In-the-wild | N/A | Sep 30, 2021 | Google Chrome | Link |
| Unpatched Stored XSS Zero-Day Vulnerability in Apple AirTag N/A | Unknown | N/A | Sep 29, 2021 | Apple AirTag | Link |
| Cisco Unauthenticated Remote-code-execution (RCE) and Denial-of-service (DoS) Vulnerability CVE-2021-34770 | Unknown | 10 | Sep 22, 2021 | Cisco Catalyst 9000 Family of Wireless Controllers | Link |
| Critical Software-buffer-overflow and Authentication-bypass Bugs in Cisco CVE-2021-34727 | CVE-2021-1619 | Unknown | 9.8 | Sep 22, 2021 | Cisco SD-WAN Software | Cisco IOS XE Software | Link Link |
| VMware Ransomware-Friendly Arbitrary File Upload Bug in vCenter Server CVE-2021-22005 | POC exploit code available | 9.8 | Sep 21, 2021 | VMware vCenter Server | Link |
| Zero-day Security Vulnerability in Apple’s macOS Finder System No CVE assigned | Unknown | N/A | Sep 21, 2021 | macOS Big Sur and Prior | Link |
| Netgear SOHO Security Bug allowing RCE via A Man-in-the-middle (MiTM) Attack CVE-2021-40847 | POC exploit code available | 8.1 | Sep 20, 2021 | Netgear Small Office/Home Office (SOHO) Routers | Link |
| Adobe Arbitrary Code Execution Vulnerability Affecting Its Core Products CVE-2021-39863 | Unknown | 8.8 | Sep 14, 2021 | Adobe Reader DC | Adobe Acrobat Reader DC | Link |
| OMIGOD Microsoft Zero-day RCE Vulnerability in the Azure Cloud Platform CVE-2021-38647 | POC exploit code available | 9.8 | Sep 14, 2021 | Microsoft Azure Cloud | Link |
| ForcedEntry Apple Zero-day Bugs Exploited by NSO Group CVE-2021-30858 | CVE-2021-30860 | Zero-click exploit available | 8.8 | Sep 13, 2021 | iPhone | iPad | Mac | Apple Watch | Link |
| Google Chrome Use-After-Free (UAF) Zero-Day Bugs CVE-2021-30632 | CVE-2021-30633 | In-the-wild | N/A | Sep 13, 2021 | Google Chrome | Link |
| Zero-Day RCE Vulnerability in Microsoft MSHTML CVE-2021-40444 | Ongoing exploitation | 8.8 | Sep 7, 2021 | Microsoft Windows | Link |
| An Authentication Bypass Bug in the ManageEngine ADSelfService Plus Platform CVE-2021-40539 | Ongoing exploitation | N/A | Sep 7, 2021 | Zoho ManageEngine ADSelfService Plus | Link |
| Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability CVE-2021-34746 | POC exploit code available | 9.8 | Sep 1, 2021 | Cisco Enterprise NFVIS | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Critical Microsoft Azure Cosmos DB Bug
No CVE assigned |
Unknown | N/A | Aug 26, 2021 | Microsoft Azure Cosmos DB | Jupyter Notebook | Link |
| Critical Vulnerability in the Atlassian Confluence Server Platform
CVE-2021-26084 |
Ongoing exploitation | 9.8 | Aug 25, 2021 | Atlassian Confluence Server and Data Center | Link |
| Sudo Bug Privilege Escalation Vulnerability for HPE Aruba
CVE-2021-3156 |
POC exploit code available | 7.8 | Aug 25, 2021 | HPE Aruba AirWave Management Platform | Link |
| Parallels Desktop Privilege Escalation Bug
CVE-2021-34864 |
Unknown | 8.8 | Aug 25, 2021 | Parallels Desktop | Link |
| A Consensus Vulnerability in Go-Ethereum (Geth) EVM Causing a Node to Reject the Canonical Chain
CVE-2021-39137 |
In-the-wild | 7.5 | Aug 24, 2021 | All Geth Versions Supporting the London Hard Fork | Link |
| OpenSSL Bug in the Implementation of the SM2 Decryption Code Leading to a Buffer Overflow when Calling the API Function to Decrypt SM2 Encrypted Data
CVE-2021-3711 |
Unknown | 9.8 | Aug 24, 2021 | OpenSSL versions 1.1.1k and earlier 1.1.1x | Link |
| ThroughTek Critical Bug Allowing Remote Compromise, Control of Millions of IoT devices
CVE-2021-28372 |
Unknown | 8.3 | Aug 17, 2021 | ThroughTek’s Kalay Platform 2.0 | Link |
| Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-36958 |
Unknown | 7.8 | Aug 11, 2021 | Windows Server | Link |
| Realtek Jungle SDK Buffer Overflow Arbitrary Code Execution (ACE) Vulnerability
CVE-2021-35395 |
Ongoing exploitation | 9.8 | Aug 11, 2021 | Realtek SDK | Realtek “Jungle” SDK | Realtek “Luna” SDK | Link |
| Pulse Connect Secure Vulnerability Allowing an Authenticated Administrator to Perform a File Write via a Maliciously Crafted Archive Uploaded in the Administrator Web Interface
CVE-2021-22937 |
Unknown | 9.1 | Aug 5, 2021 | Pulse Connect Secure before 9.1R12 | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Apple Zero-Day Local Privilege Escalation Vulnerability in the IOMobileFrameBuffer
CVE-2021-30807 |
In-the-wild | 7.8 | Jul 26, 2021 | iOS 14.7.1 | iPadOS 14.7.1 | macOS Big Sur 11.5.1 | watchOS 7.6.1 | Link Link Link |
| Jira Remote Code Execution (RCE) Missing Authentication Bug in Atlassian
CVE-2020-36239 |
Unknown | 9.8 | Jul 21, 2021 | Jira Data Center | Jira Service Management Data Center | Link |
| Windows Print Spooler Remote Code Execution Vulnerability
CVE-2021-34481 |
Unknown | 8.8 | Jul 15, 2021 | Windows Server | Link |
| Type Confusion Bug in V8 in Google Chrome
CVE-2021-30563 |
In-the-wild | 8.8 | Jul 15, 2021 | Google Chrome prior to 91.0.4472.164 | Link |
| Remote Code Execution (RCE) Vulnerability in the SolarWinds Serv-U Product
CVE-2021-35211 |
Zero-Day Exploit | 10.0 | Jul 13, 2021 | SolarWinds Serv-U Managed File Transfer | Serv-U Secure FTP for Windows before 15.2.3 HF2 | Link |
| Microsoft Exchange Information Disclosure Vulnerability
CVE-2021-33766 |
Unknown | 7.5 | Jul 13, 2021 | Microsoft Exchange Server | Link |
| Linux Kernel Netfilter Heap Out-Of-Bounds Write Denial-of-Service (DoS) Bug
CVE-2021-22555 |
POC Exploit Code Available | 8.3 | Jul 7, 2021 | Linux since v2.6.19-rc1 | Link |
| Microsoft Exchange Server Remote Code Execution ProxyShell Vulnerability
CVE-2021-34473 |
Unknown | 9.1 | Jul 2, 2021 | Microsoft Exchange Server | Link |
| Windows Print Spooler Remote Code Execution PrintNightmare Vulnerability Leading System Privileges and Running Commands on PCs
CVE-2021-34527 |
POC Exploit Code Available | 8.8 | Jul 1, 2021 | Windows Server | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| ForgeRock AM Pre-Auth Remote Code Execution (RCE) Vulnerability via the Java Deserialization in the Jato Framework
CVE-2021-35464 |
POC Exploit Code Available | 9.8 | Jun 29, 2021 | ForgeRock AM server before 7.0 | Link |
| NVIDIA Trusty Driver Buffer Overflow Vulnerability
CVE‑2021‑34372 |
Unknown | 8.2 | Jun 22, 2021 | NVIDIA Jetson | Link |
| Google Chrome Use After Free Bug in BFCache
CVE-2021-30544 |
Unknown | 9.8 | Jun 9, 2021 | Google Chrome prior to 91.0.4472.101 | Link |
| Windows NTFS Elevation of Privilege Vulnerability
CVE-2021-31956 |
In-the-wild | 7.8 | Jun 8, 2021 | Windows Server | Link |
| Windows MSHTML Platform Remote Code Execution (RCE) Vulnerability
CVE-2021-33742 |
In-the-wild | 8.8 | Jun 8, 2021 | Windows Server | Link |
| Local Privilege Escalation vulnerability in Intel Virtualization Technology for Directed I/O (VT-d)
CVE-2021-24489 |
Unknown | 8.8 | Jun 8, 2021 | Intel Core Processors | Intel Pentium Processors | Intel Celeron Processors | Intel Atom Processors | Link |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2021-33739 |
In-the-wild | 8.4 | Jun 8, 2021 | Windows 10 | Link |
| Windows NTLM Elevation of Privilege Vulnerability
CVE-2021-31958 |
Unknown | 8.8 | Jun 8, 2021 | Windows Server | Link |
| Android System Out of Bounds Read and Write due to a Use After Free Elevation-of-Privilege (EoP) Bug
CVE-2021-0516 |
Unknown | 9.8 | Jun 2, 2021 | AOSP versions 8.1, 9, 10, 11 | Link |
| Windows Print Spooler Remote Code Execution (RCE) Vulnerability
CVE-2021-1675 |
Unknown | 8.8 | Jun 1, 2021 | Windows Server | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Apache Dubbo Pre-Auth Remote Code Execution (RCE) Bug via Java Deserialization in the Generic filter
CVE-2021-30179 |
POC Exploit Code Available | 9.8 | May 31, 2021 | Dubbo all 2.5.x, 2.6.x and 2.7.x versions | Link |
| Privilege Escalation Vulnerability in Dell DBUtil Driver
CVE-2021-21551 |
In-the-wild | 7.8 | May 31, 2021 | DBUtil: 2.3 | Link |
| VMware vCenter Server Remote Code Execution and Authentication Vulnerabilities in vSphere Client (HTML5)
CVE-2021-21985 | CVE-2021-21986 |
POC Exploit Code Available | 9.8 | May 26, 2021 | VMware vCenter Server | VMware Cloud Foundation | Link |
| Apple Multiple Memory Corruption Vulnerability
CVE-2021-30734 |
POC Exploit Code Available | 8.8 | May 24, 2021 | iOS 14.6 | iPadOS 14.6 | macOS Big Sur 11.5.1 | Safari 14.1.1 | Link Link Link |
| Pulse Connect Secure Buffer Overflow Arbitrary Code Execution (ACE) Bug in Windows File Resource Profiles in 9.X
CVE-2021-22908 |
Unknown | 8.8 | May 24, 2021 | Pulse Connect Secure versions 9.0Rx and 9.1Rx | Link |
| McAfee Arbitrary Process Execution Privilege Escalation Bugs
CVE-2021-23873 | CVE-2021-23874 | CVE-2021-23875 | CVE-2021-23876 |
POC Exploit Code Available | 7.8 | May 24, 2021 | McAfee Total Protection Prior to 16.0.30 | Link |
| Microsoft Critical Hyper-V Remote Code Execution Vulnerability
CVE-2021-28476 |
Unknown | 9.9 | May 11, 2021 | Windows Server | Link |
| Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2021-31166 |
Unknown | 9.8 | May 11, 2021 | Windows 10 | Link |
| Adobe Critical Use After Free Arbitrary code execution Vulnerabilities
CVE-2021-28562 | CVE-2021-28550 | CVE-2021-28553 |
In-the-wild | 8.8 | May 11, 2021 | Acrobat Reader DC | Link |
| Privilege Escalation Vulnerability in Linux kernel
CVE-2021-3490 |
POC Exploit Code Available | 7.8 | May 10, 2021 | Linux kernel Operating System | Link |
| Critical Authentication Bypass Vulnerability on Python
CVE-2021-29921 |
Unknown | 9.8 | May 6, 2021 | Python 3.10 | Python 3.9 | Python 3.8 | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Buffalo Path Traversal Vulnerability in the Web Interfaces Leading to Bypass Authentication
CVE-2021-20090 |
In-the-wild | 9.8 | Apr 29, 2021 | Buffalo WSR-2533DHPL2 firmware version <= 1.02 | WSR-2533DHP3 firmware version <= 1.24 | Link |
| Unauthenticated Arbitrary Remote Code Execution Use After Free Bug via License Services in Pulse Connect Secure
CVE-2021-22893 | CVE-2021-22894 | CVE-2021-22899 | CVE-2021-22900 |
In-the-wild | 10.0 | Apr 23, 2021 | Pulse Connect Secure before 9.1R11.4 | Link |
| Google Out of Bounds Memory Access Vulnerability Allowing a Remote Attacker to Exploit Heap Corruption via a Crafted HTML Page
CVE-2021-22893 | CVE-2021-22894 | CVE-2021-22899 | CVE-2021-22900 |
Unknown | 8.8 | Apr 22, 2021 | V8 in Google Chrome prior to 90.0.4430.85 | Link |
| Critical Unauthenticated Remote Code Execution (RCE) Bug in Apache Tapestry Bypass of the Fix for CVE-2019-0195
CVE-2021-27850 |
POC Exploit Code Available | 9.8 | Apr 15, 2021 | Apache Tapestry versions 5.4.5, 5.5.0, 5.6.2 and 5.7.0 | Link |
| Denial of Service (DoS) Arbitrary Code Execution (ACE) Bugs in Ubuntu Linux Kernels
CVE-2021-3492 | CVE-2021-3493 |
Unknown | 7.8 | Apr 15, 2021 | Linux | Link |
| Multiple Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-28480 | CVE-2021-28481 | CVE-2021-28482 | CVE-2021-28483 |
POC Exploit Code Available | 9.8 | Apr 13, 2021 | Microsoft Exchange Server | Link |
| Windows Zero-Day Win32k Elevation of Privilege Vulnerability in Desktop Window Manager
CVE-2021-28310 |
In-the-wild | 7.8 | Apr 13, 2021 | Windows 10 | Link |
| Windows Installer Elevation of Privilege Vulnerability
CVE-2021-26415 |
POC Exploit Code Available | 7.8 | Apr 13, 2021 | Windows Server | Link |
| Arbitrary File Write Vulnerability in vRealize Operations Manager API
CVE-2021-21975 |
POC Exploit Code Available | 7.5 | Apr 13, 2021 | VMware vRealize Operations | Link |
| WhatsApp Cache Configuration Vulnerability
CVE-2021-24027 |
POC Exploit Code Available | 7.5 | Apr 6, 2021 | WhatsApp for Android v2.21.4.18 | WhatsApp Business for Android v2.21.4.18 | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Remote Code Execution Vulnerability in Apache OFBiz via Java Deserialization
CVE-2021-26295 |
POC Exploit Code Available | 9.8 | Mar 22, 2021 | Apache OFBiz | Link |
| Google Chrome Use After Free and Heap Buffer Overflow Bugs in WebRTC and in Blink
CVE-2021-21191 | CVE-2021-21192 | CVE-2021-21193 |
In-the-wild | 8.8 | Mar 12, 2021 | Google Chrome prior to 89.0.4389.90 | Link |
| Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2021-26868 |
Unknown | 7.8 | Mar 9, 2021 | Windows 10 | Link |
| Internet Explorer Memory Corruption Vulnerability
CVE-2021-26411 |
In-the-wild | 8.8 | Mar 9, 2021 | Internet Explorer | Microsoft Edge | Link |
| Microsoft ProxyLogon Exchange Server Remote Code Execution Vulnerabilities
CVE-2021-26855 | CVE-2021-26857 | CVE-2021-26858 | CVE-2021-27065 |
In-the-wild | 9.8 | Mar 2, 2021 | Microsoft Exchange Server | Link Link Link Link |
| VMware Remote Code Execution (RCE) Vulnerability Leading to Arbitrary File Upload in Logupload Web Application
CVE-2021-22987 |
Unknown | 9.9 | Mar 2, 2021 | BIG-IP | Link |
| BIG-IP Appliance Mode TMUI Authenticated Remote Command Execution Bug
CVE-2021-22987 |
Unknown | 9.9 | Mar 2, 2021 | BIG-IP | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Windows TCP/IP Denial of Service (DoS) Vulnerability
CVE-2021-24086 |
POC Exploit Code Available | 7.5 | Feb 29, 2021 | Windows 10 | Link |
| Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability
CVE-2021- 1361 |
Unknown | 9.1 | Feb 24, 2021 | Cisco NX-OS Software 9.3(5) and 9.3(6) | Link |
| Accellion Zero-Day SQL Injection, Server-Side Request Forgery and OS Command Execution Vulnerabilities
CVE-2021-21972 | CVE-2021-21973 | CVE-2021-21974 |
POC Exploit Code Available | 9.8 | Feb 23, 2021 | VMware ESXi | VMware vCenter Server | VMware Cloud Foundation | Link |
| Accellion Zero-Day SQL Injection, Server-Side Request Forgery and OS Command Execution Vulnerabilities
CVE-2021-27101 | CVE-2021-27102 | CVE-2021-27103 | CVE-2021-27104 |
Unknown | 9.8 | Feb 16, 2021 | Accellion FTA 9_12_370 and earlier | Link |
| Adobe Heap-Based Buffer Overflow Arbitrary Code Execution (ACE) Vulnerability
CVE-2021-21017 |
In-the-wild | 8.8 | Feb 11, 2021 | Acrobat Reader DC | Link |
| VMware Post-Authentication OS Command Injection Remote Code execution (RCE) Bug
CVE-2021-21976 |
Unknown | 7.2 | Feb 11, 2021 | vSphere Replication | Link |
| Windows TCP/IP Remote Code Execution Vulnerability
CVE-2021-24074 | CVE-2021-24094 |
POC Exploit Code Available | 9.8 | Feb 9, 2021 | Windows 10 | Link Link |
| Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-1732 |
In-the-wild | 7.8 | Feb 9, 2021 | Windows 10 | Link |
| Google Chrome Heap Buffer Overflow Remote Code execution (RCE) Vulnerability
CVE-2021-21148 |
In-the-wild | 8.8 | Feb 9, 2021 | Google Chrome prior to 88.0.4324.150 | Link |
| Remote Code Execution (RCE) Bug in SAP Commerce
CVE-2021-21477 |
Unknown | 9.9 | Feb 9, 2021 | SAP Commerce Cloud 1808, 1811, 1905, 2005, 2011 | Link |
| Vulnerability | Exploitation Status | CVSSv3 | Release Date | Products | References |
| Sudo Off-by-One Heap-Based Buffer Overflow Privilege Escalation Bug
CVE-2021-3156 |
In-the-wild | 7.8 | Jan 29, 2021 | Sudo before 1.9.5p2 | Link |
| Apache Druid Arbitrary User-Provided JavaScript Code Execution Bug
CVE-2021-25646 |
POC Exploit Code Available | 8.8 | Jan 29, 2021 | Apache Druid | Link |
| Oracle Fusion Middleware Easily Exploitable Bug Leading Network Access via HTTP to Compromise Oracle WebLogic Server
CVE-2021-2109 |
POC Exploit Code Available | 7.2 | Jan 20, 2021 | Oracle WebLogic Server | Link |
| Python 3 Heap Buffer Overflow Remote Code execution (RCE) Bug
CVE-2021-3177 |
Unknown | 8.8 | Jan 19, 2021 | Python 3.10, 3.9, 3.8, 3.7, 3.6 | Link |
| Cisco Connected Mobile Experiences (CMX) Privilege Escalation Vulnerability
CVE-2021-1144 |
Unknown | 8.8 | Jan 13, 2021 | Cisco CMX releases 10.6.0, 10.6.1, and 10.6.2 | Link |
| Microsoft Defender Remote Code Execution Vulnerability
CVE-2021-1647 |
In-the-wild | 7.8 | Jan 12, 2021 | Windows Defender | Link |
| Lavarel Ignition Unauthenticated Arbitrary Remote Code Execution Vulnerability
CVE-2021-3129 |
POC Exploit Code Available | 9.8 | Jan 12, 2021 | Laravel before 8.4.2 | Link |
| Android Out of Bounds Write Remote Code Execution Vulnerability
CVE-2021-3007 |
Unknown | 9.8 | Jan 4, 2021 | AOSP 8.0, 8.1, 9, 10, 11 | Link |
