Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2018-6882 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2018-6882)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2018-6882). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-3568 KEV |
|
[KEV] Vulnerability in Meta platforms meta-platforms (CVE-2019-3568)
vulnerability in Meta platforms meta-platforms (CVE-2019-3568). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-26826 |
|
Command Injection in microsoft (CVE-2022-26826)
command injection in microsoft (CVE-2022-26826). Successful exploitation can lead to full system takeover.
|
| CVE-2022-26795 |
|
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
|
| CVE-2022-26594 |
|
Cross-Site Scripting (XSS) in liferay (CVE-2022-26594)
cross-site scripting in liferay (CVE-2022-26594). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-7841 KEV |
|
[KEV] SQL Injection in Schneider electric schneider-electric (CVE-2018-7841)
SQL injection in Schneider electric schneider-electric (CVE-2018-7841). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2010-5330 KEV |
|
[KEV] Command Injection in Ubiquiti airos (CVE-2010-5330)
command injection in Ubiquiti airos (CVE-2010-5330). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2007-3010 KEV |
|
[KEV] Vulnerability in Alcatel omnipcx-enterprise (CVE-2007-3010)
vulnerability in Alcatel omnipcx-enterprise (CVE-2007-3010). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-3929 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Crestron multiple-products (CVE-2019-3929)
cross-site scripting in Crestron multiple-products (CVE-2019-3929). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-16057 KEV |
|
[KEV] OS Command Injection in D-link dns-320-storage-device (CVE-2019-16057)
OS command injection in D-link dns-320-storage-device (CVE-2019-16057). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-22960 KEV |
|
[KEV] Vulnerability in Vmware multiple-products (CVE-2022-22960)
vulnerability in Vmware multiple-products (CVE-2022-22960). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-1364 KEV |
|
[KEV] Vulnerability in Google chromium-v8 (CVE-2022-1364)
vulnerability in Google chromium-v8 (CVE-2022-1364). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2014-0780 KEV |
|
[KEV] Path Traversal in Indusoft web-studio (CVE-2014-0780)
path traversal in Indusoft web-studio (CVE-2014-0780). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-4523 KEV |
|
[KEV] Buffer Overflow in Trihedral vtscada-formerly-vts (CVE-2016-4523)
vulnerability in Trihedral vtscada-formerly-vts (CVE-2016-4523). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-22954 KEV |
|
[KEV] Code Injection in Vmware workspace-one-access-and-identity-manager (CVE-2022-22954)
code injection in Vmware workspace-one-access-and-identity-manager (CVE-2022-22954). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-24521 KEV |
|
[KEV] Out-of-Bounds Write in Microsoft windows (CVE-2022-24521)
out-of-bounds write in Microsoft windows (CVE-2022-24521). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2015-3113 KEV |
|
[KEV] Buffer Overflow in Adobe flash-player (CVE-2015-3113)
vulnerability in Adobe flash-player (CVE-2015-3113). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2015-2502 KEV |
|
[KEV] Buffer Overflow in Microsoft internet-explorer (CVE-2015-2502)
vulnerability in Microsoft internet-explorer (CVE-2015-2502). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2015-5123 KEV |
|
[KEV] Use-After-Free in Adobe flash-player (CVE-2015-5123)
vulnerability in Adobe flash-player (CVE-2015-5123). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2015-5122 KEV |
|
[KEV] Use-After-Free in Adobe flash-player (CVE-2015-5122)
vulnerability in Adobe flash-player (CVE-2015-5122). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2015-0313 KEV |
|
[KEV] Use-After-Free in Adobe flash-player (CVE-2015-0313)
vulnerability in Adobe flash-player (CVE-2015-0313). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-27262 |
|
Unrestricted File Upload in sailsjs (CVE-2022-27262)
vulnerability in sailsjs (CVE-2022-27262). Successful exploitation can lead to full system takeover.
|
| CVE-2022-28397 |
|
Unrestricted File Upload in ghost (CVE-2022-28397)
vulnerability in ghost (CVE-2022-28397). Successful exploitation can lead to full system takeover.
|
| CVE-2022-27260 |
|
Unrestricted File Upload in buttercms (CVE-2022-27260)
vulnerability in buttercms (CVE-2022-27260). Successful exploitation can lead to full system takeover.
|
| CVE-2021-37293 |
|
Path Traversal in path-traversal (CVE-2021-37293)
path traversal in path-traversal (CVE-2021-37293). Confidential information can be exposed externally.
|
| CVE-2021-37291 |
|
SQL Injection in sqli (CVE-2021-37291)
SQL injection in sqli (CVE-2021-37291). Successful exploitation can lead to full system takeover.
|
| CVE-2021-40219 |
|
Code Injection in bolt (CVE-2021-40219)
code injection in bolt (CVE-2021-40219). Successful exploitation can lead to full system takeover.
|
| CVE-2021-39793 KEV |
|
[KEV] Out-of-Bounds Write in Google pixel (CVE-2021-39793)
out-of-bounds write in Google pixel (CVE-2021-39793). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-27852 KEV |
|
[KEV] Unsafe Deserialization in checkbox (CVE-2021-27852)
vulnerability in checkbox (CVE-2021-27852). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-42287 KEV |
|
[KEV] Privilege Escalation in Microsoft active-directory (CVE-2021-42287)
vulnerability in Microsoft active-directory (CVE-2021-42287). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-11317 KEV |
|
[KEV] Vulnerability in Telerik user-interface-ui-for-aspnet-ajax (CVE-2017-11317)
vulnerability in Telerik user-interface-ui-for-aspnet-ajax (CVE-2017-11317). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-2509 KEV |
|
[KEV] Command Injection in qnap (CVE-2020-2509)
command injection in qnap (CVE-2020-2509). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-42278 KEV |
|
[KEV] Vulnerability in Microsoft active-directory (CVE-2021-42278)
vulnerability in Microsoft active-directory (CVE-2021-42278). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-22600 KEV |
|
[KEV] Vulnerability in :linux_kernel: (CVE-2021-22600)
vulnerability in :linux_kernel: (CVE-2021-22600). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `:2022-05-05` or later.
|
| CVE-2021-43432 |
|
Cross-Site Scripting (XSS) in exrick (CVE-2021-43432)
cross-site scripting in exrick (CVE-2021-43432). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-27375 |
|
SSRF (Server-Side Request Forgery) in drtrustusa (CVE-2020-27375)
SSRF in drtrustusa (CVE-2020-27375). Data can be tampered with by attackers.
|
| CVE-2020-27376 |
|
Vulnerability in drtrustusa (CVE-2020-27376)
vulnerability in drtrustusa (CVE-2020-27376). Successful exploitation can lead to full system takeover.
|
| CVE-2020-27374 |
|
Vulnerability in drtrustusa (CVE-2020-27374)
vulnerability in drtrustusa (CVE-2020-27374). Successful exploitation can lead to full system takeover.
|
| CVE-2020-27373 |
|
OS Command Injection in drtrustusa (CVE-2020-27373)
OS command injection in drtrustusa (CVE-2020-27373). Successful exploitation can lead to full system takeover.
|
| CVE-2022-26251 |
|
Privilege Escalation in synametrics (CVE-2022-26251)
vulnerability in synametrics (CVE-2022-26251). Successful exploitation can lead to full system takeover.
|
| CVE-2022-26607 |
|
Unrestricted File Upload in baigo (CVE-2022-26607)
vulnerability in baigo (CVE-2022-26607). Successful exploitation can lead to full system takeover.
|
| CVE-2022-26250 |
|
Vulnerability in synametrics (CVE-2022-26250)
vulnerability in synametrics (CVE-2022-26250). Successful exploitation can lead to full system takeover.
|
| CVE-2021-3156 KEV |
|
[KEV] Vulnerability in sudo (CVE-2021-3156)
vulnerability in sudo (CVE-2021-3156). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-0148 KEV |
|
[KEV] Vulnerability in Microsoft smbv1-server (CVE-2017-0148)
vulnerability in Microsoft smbv1-server (CVE-2017-0148). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-31166 KEV |
|
[KEV] Use-After-Free in Microsoft http-protocol-stack (CVE-2021-31166)
vulnerability in Microsoft http-protocol-stack (CVE-2021-31166). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-26281 |
|
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
|
| CVE-2022-22675 KEV |
|
[KEV] Vulnerability in Apple macos (CVE-2022-22675)
vulnerability in Apple macos (CVE-2022-22675). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-22674 KEV |
|
[KEV] Vulnerability in Apple macos (CVE-2022-22674)
vulnerability in Apple macos (CVE-2022-22674). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-45382 KEV |
|
[KEV] OS Command Injection in D-link multiple-routers (CVE-2021-45382)
OS command injection in D-link multiple-routers (CVE-2021-45382). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-22965 KEV |
|
[KEV] Code Injection in Vmware spring-framework (CVE-2022-22965)
code injection in Vmware spring-framework (CVE-2022-22965). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|