Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2022-26987 |
|
Out-of-Bounds Write in tp-link (CVE-2022-26987)
out-of-bounds write in tp-link (CVE-2022-26987). Successful exploitation can lead to full system takeover. Exploitable via ``MmtAtePrase``.
|
| CVE-2022-1388 KEV |
|
[KEV] Vulnerability in F5 big-ip (CVE-2022-1388)
vulnerability in F5 big-ip (CVE-2022-1388). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-27224 |
|
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated...
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated...
|
| CVE-2021-43164 |
|
OS Command Injection in ruijienetworks (CVE-2021-43164)
OS command injection in ruijienetworks (CVE-2021-43164). Successful exploitation can lead to full system takeover.
|
| CVE-2021-43161 |
|
Command Injection in ruijienetworks (CVE-2021-43161)
command injection in ruijienetworks (CVE-2021-43161). Successful exploitation can lead to full system takeover.
|
| CVE-2021-43160 |
|
Command Injection in ruijienetworks (CVE-2021-43160)
command injection in ruijienetworks (CVE-2021-43160). Successful exploitation can lead to full system takeover.
|
| CVE-2021-43159 |
|
Command Injection in ruijienetworks (CVE-2021-43159)
command injection in ruijienetworks (CVE-2021-43159). Successful exploitation can lead to full system takeover.
|
| CVE-2021-43162 |
|
Command Injection in ruijienetworks (CVE-2021-43162)
command injection in ruijienetworks (CVE-2021-43162). Successful exploitation can lead to full system takeover.
|
| CVE-2021-1789 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2021-1789)
vulnerability in Apple multiple-products (CVE-2021-1789). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-8506 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2019-8506)
vulnerability in Apple multiple-products (CVE-2019-8506). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2014-4113 KEV |
|
[KEV] Vulnerability in Microsoft win32k (CVE-2014-4113)
vulnerability in Microsoft win32k (CVE-2014-4113). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2014-0322 KEV |
|
[KEV] Use-After-Free in Microsoft internet-explorer (CVE-2014-0322)
vulnerability in Microsoft internet-explorer (CVE-2014-0322). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2014-0160 KEV |
|
[KEV] Out-of-Bounds Read in openssl (CVE-2014-0160)
vulnerability in openssl (CVE-2014-0160). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-25647 |
|
Unsafe Deserialization in com.google.code.gson:gson (CVE-2022-25647)
vulnerability in com.google.code.gson:gson (CVE-2022-25647). Data can be tampered with by attackers. Mitigation: upgrade to `2.8.9` or later.
|
| CVE-2021-44595 |
|
Vulnerability in wondershare (CVE-2021-44595)
vulnerability in wondershare (CVE-2021-44595). Successful exploitation can lead to full system takeover.
|
| CVE-2021-36460 |
|
Authentication Bypass in veryfitpro-project (CVE-2021-36460)
authentication bypass in veryfitpro-project (CVE-2021-36460). Successful exploitation can lead to full system takeover.
|
| CVE-2022-29464 KEV |
|
[KEV] Path Traversal in Wso2 multiple-products (CVE-2022-29464)
path traversal in Wso2 multiple-products (CVE-2022-29464). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-26904 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2022-26904)
vulnerability in Microsoft windows (CVE-2022-26904). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-21919 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2022-21919)
vulnerability in Microsoft windows (CVE-2022-21919). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-0847 KEV |
|
[KEV] Vulnerability in :linux_kernel: (CVE-2022-0847)
vulnerability in :linux_kernel: (CVE-2022-0847). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `:2022-05-05` or later.
|
| CVE-2021-41357 KEV |
|
[KEV] Vulnerability in Microsoft win32k (CVE-2021-41357)
vulnerability in Microsoft win32k (CVE-2021-41357). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-40450 KEV |
|
[KEV] Vulnerability in Microsoft win32k (CVE-2021-40450)
vulnerability in Microsoft win32k (CVE-2021-40450). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-1003029 KEV |
|
[KEV] Vulnerability in Jenkins script-security-plugin (CVE-2019-1003029)
vulnerability in Jenkins script-security-plugin (CVE-2019-1003029). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-0354 |
|
Code Injection in lenovo (CVE-2022-0354)
code injection in lenovo (CVE-2022-0354). Successful exploitation can lead to full system takeover.
|
| CVE-2022-27406 |
|
Out-of-Bounds Read in freetype (CVE-2022-27406)
vulnerability in freetype (CVE-2022-27406). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-29534 |
|
Authentication Bypass in misp-project (CVE-2022-29534)
authentication bypass in misp-project (CVE-2022-29534). Data can be tampered with by attackers.
|
| CVE-2022-20773 |
|
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance...
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance...
|
| CVE-2018-6882 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2018-6882)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2018-6882). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-3568 KEV |
|
[KEV] Vulnerability in Meta platforms meta-platforms (CVE-2019-3568)
vulnerability in Meta platforms meta-platforms (CVE-2019-3568). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-22718 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2022-22718)
vulnerability in Microsoft windows (CVE-2022-22718). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-26901 |
|
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
|
| CVE-2022-26826 |
|
Command Injection in microsoft (CVE-2022-26826)
command injection in microsoft (CVE-2022-26826). Successful exploitation can lead to full system takeover.
|
| CVE-2022-26795 |
|
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
|
| CVE-2022-24473 |
|
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
|
| CVE-2022-22960 KEV |
|
[KEV] Vulnerability in Vmware multiple-products (CVE-2022-22960)
vulnerability in Vmware multiple-products (CVE-2022-22960). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-1364 KEV |
|
[KEV] Vulnerability in Google chromium-v8 (CVE-2022-1364)
vulnerability in Google chromium-v8 (CVE-2022-1364). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-3929 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Crestron multiple-products (CVE-2019-3929)
cross-site scripting in Crestron multiple-products (CVE-2019-3929). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-16057 KEV |
|
[KEV] OS Command Injection in D-link dns-320-storage-device (CVE-2019-16057)
OS command injection in D-link dns-320-storage-device (CVE-2019-16057). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-7841 KEV |
|
[KEV] SQL Injection in Schneider electric schneider-electric (CVE-2018-7841)
SQL injection in Schneider electric schneider-electric (CVE-2018-7841). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-4523 KEV |
|
[KEV] Buffer Overflow in Trihedral vtscada-formerly-vts (CVE-2016-4523)
vulnerability in Trihedral vtscada-formerly-vts (CVE-2016-4523). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2014-0780 KEV |
|
[KEV] Path Traversal in Indusoft web-studio (CVE-2014-0780)
path traversal in Indusoft web-studio (CVE-2014-0780). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2010-5330 KEV |
|
[KEV] Command Injection in Ubiquiti airos (CVE-2010-5330)
command injection in Ubiquiti airos (CVE-2010-5330). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2007-3010 KEV |
|
[KEV] Vulnerability in Alcatel omnipcx-enterprise (CVE-2007-3010)
vulnerability in Alcatel omnipcx-enterprise (CVE-2007-3010). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-22954 KEV |
|
[KEV] Code Injection in Vmware workspace-one-access-and-identity-manager (CVE-2022-22954)
code injection in Vmware workspace-one-access-and-identity-manager (CVE-2022-22954). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-24521 KEV |
|
[KEV] Out-of-Bounds Write in Microsoft windows (CVE-2022-24521)
out-of-bounds write in Microsoft windows (CVE-2022-24521). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-7602 KEV |
|
[KEV] Vulnerability in Drupal core (CVE-2018-7602)
vulnerability in Drupal core (CVE-2018-7602). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-20753 KEV |
|
[KEV] Vulnerability in Kaseya virtual-systemserver-administrator-vsa (CVE-2018-20753)
vulnerability in Kaseya virtual-systemserver-administrator-vsa (CVE-2018-20753). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2015-5123 KEV |
|
[KEV] Use-After-Free in Adobe flash-player (CVE-2015-5123)
vulnerability in Adobe flash-player (CVE-2015-5123). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2015-5122 KEV |
|
[KEV] Use-After-Free in Adobe flash-player (CVE-2015-5122)
vulnerability in Adobe flash-player (CVE-2015-5122). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2015-3113 KEV |
|
[KEV] Buffer Overflow in Adobe flash-player (CVE-2015-3113)
vulnerability in Adobe flash-player (CVE-2015-3113). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|