CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 601–650 of 1,619 in KEV · page 13 of 33
| ID | Title | Summary |
|---|---|---|
| CVE-2022-41080 | CVE-2022-41080 · KEV · CVSS 8.8 · microsoft | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2022-41073 | CVE-2022-41073 · KEV · CVSS 7.8 · microsoft | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-41049 | CVE-2022-41049 · KEV · CVSS 5.4 · microsoft | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2022-41040 | CVE-2022-41040 · KEV · CVSS 8.8 · microsoft | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2022-41033 | CVE-2022-41033 · KEV · CVSS 7.8 · microsoft | Windows COM+ Event System Service Elevation of Privilege Vulnerability |
| CVE-2022-40799 | CVE-2022-40799 · KEV · CVSS 8.8 · dlink | Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device. |
| CVE-2022-40765 | CVE-2022-40765 · KEV · CVSS 6.8 · mitel | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network … |
| CVE-2022-40684 | CVE-2022-40684 · KEV · CVSS 9.8 · fortinet | An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy versi… |
| CVE-2022-40139 | CVE-2022-40139 · KEV · CVSS 7.2 · trendmicro | Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow an Apex … |
| CVE-2022-39197 | Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability · KEV · Fortra | Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon c… |
| CVE-2022-38181 | Arm Mali GPU Kernel Driver Use-After-Free Vulnerability · KEV · Arm | Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information. |
| CVE-2022-38028 | Microsoft Windows Print Spooler Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with… |
| CVE-2022-37969 | Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2022-3723 | Google Chromium V8 Type Confusion Vulnerability · KEV · Google | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.… |
| CVE-2022-37055 | D-Link Routers Buffer Overflow Vulnerability · KEV · D-Link | D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be … |
| CVE-2022-37042 | Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability · KEV · Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-… |
| CVE-2022-36804 | Atlassian Bitbucket Server and Data Center Command Injection Vulnerability · KEV · Atlassian | Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbuc… |
| CVE-2022-36537 | ZK Framework AuUploader Unspecified Vulnerability · KEV · ZK Framework | ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context… |
| CVE-2022-35914 | Teclib GLPI Remote Code Execution Vulnerability · KEV · Teclib | Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed. |
| CVE-2022-35405 | Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability · KEV · Zoho | Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution. |
| CVE-2022-34713 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability · KEV · Microsoft | A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application. |
| CVE-2022-33891 | Apache Spark Command Injection Vulnerability · KEV · Apache | Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled. |
| CVE-2022-32917 | Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability · KEV · Apple | Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel p… |
| CVE-2022-32894 | Apple iOS and macOS Out-of-Bounds Write Vulnerability · KEV · Apple | Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges. |
| CVE-2022-32893 | Apple iOS and macOS Out-of-Bounds Write Vulnerability · KEV · Apple | Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing maliciously crafted web content. |
| CVE-2022-3236 | Sophos Firewall Code Injection Vulnerability · KEV · Sophos | A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution. |
| CVE-2022-31199 | Netwrix Auditor Insecure Object Deserialization Vulnerability · KEV · Netwrix | Netwrix Auditor User Activity Video Recording component contains an insecure object deserialization vulnerability that allows an unauthenticated, remote att… |
| CVE-2022-3075 | Google Chromium Mojo Insufficient Data Validation Vulnerability · KEV · Google | Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potenti… |
| CVE-2022-30525 | Zyxel Multiple Firewalls OS Command Injection Vulnerability · KEV · Zyxel | A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS … |
| CVE-2022-3038 | Google Chromium Network Service Use-After-Free Vulnerability · KEV · Google | Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML… |
| CVE-2022-30333 | RARLAB UnRAR Directory Traversal Vulnerability · KEV · RARLAB | RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation. |
| CVE-2022-30190 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability · KEV · Microsoft | A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully e… |
| CVE-2022-29499 | Mitel MiVoice Connect Data Validation Vulnerability · KEV · Mitel | The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation. |
| CVE-2022-29464 | WSO2 Multiple Products Unrestrictive Upload of File Vulnerability · KEV · WSO2 | Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution. |
| CVE-2022-29303 | SolarView Compact Command Injection Vulnerability · KEV · SolarView | SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product's web serv… |
| CVE-2022-28810 | Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability · KEV · Zoho | Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset. |
| CVE-2022-2856 | Google Chromium Intents Insufficient Input Validation Vulnerability · KEV · Google | Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via… |
| CVE-2022-27926 | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability · KEV · Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing. |
| CVE-2022-27925 | Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability · KEV · Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains a flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform… |
| CVE-2022-27924 | Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability · KEV · Synacor | Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached … |
| CVE-2022-27593 | QNAP Photo Station Externally Controlled Reference Vulnerability · KEV · QNAP | Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacke… |
| CVE-2022-27518 | Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability · KEV · Citrix | Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability tha… |
| CVE-2022-26925 | Microsoft Windows LSA Spoofing Vulnerability · KEV · Microsoft | Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the at… |
| CVE-2022-26923 | Microsoft Active Directory Domain Services Privilege Escalation Vulnerability · KEV · Microsoft | An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services… |
| CVE-2022-26904 | Microsoft Windows User Profile Service Privilege Escalation Vulnerability · KEV · Microsoft | Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2022-26871 | Trend Micro Apex Central Arbitrary File Upload Vulnerability · KEV · Trend Micro | An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution. |
| CVE-2022-26501 | Veeam Backup & Replication Remote Code Execution Vulnerability · KEV · Veeam | The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can sen… |
| CVE-2022-26500 | Veeam Backup & Replication Remote Code Execution Vulnerability · KEV · Veeam | The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can sen… |
| CVE-2022-26486 | Mozilla Firefox Use-After-Free Vulnerability · KEV · Mozilla | Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution. |
| CVE-2022-26485 | Mozilla Firefox Use-After-Free Vulnerability · KEV · Mozilla | Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution. |