CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 651–700 of 1,619 in KEV · page 14 of 33
| ID | Title | Listing | Vendor | Summary |
|---|---|---|---|---|
| CVE-2022-26352 | dotCMS Unrestricted Upload of File Vulnerability | KEV | dotCMS | dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file i… |
| CVE-2022-26318 | WatchGuard Firebox and XTM Appliances Arbitrary Code Execution | KEV | WatchGuard | On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code. |
| CVE-2022-26258 | D-Link DIR-820L Remote Code Execution Vulnerability | KEV | D-Link | D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution. |
| CVE-2022-26143 | MiCollab, MiVoice Business Express Access Control Vulnerability | KEV | Mitel | A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive informat… |
| CVE-2022-26138 | Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability | KEV | Atlassian | Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use t… |
| CVE-2022-26134 | Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability | KEV | Atlassian | Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code ex… |
| CVE-2022-2586 | Linux Kernel Use-After-Free Vulnerability | KEV | Linux | Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges. |
| CVE-2022-24990 | TerraMaster OS Remote Command Execution Vulnerability | KEV | TerraMaster | TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint. |
| CVE-2022-24816 | OSGeo GeoServer JAI-EXT Code Injection Vulnerability | KEV | OSGeo | OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, c… |
| CVE-2022-24706 | Apache CouchDB Insecure Default Initialization of Resource Vulnerability | KEV | Apache | Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges. |
| CVE-2022-24682 | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability | KEV | Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitra… |
| CVE-2022-24521 | Microsoft Windows CLFS Driver Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2022-24112 | Apache APISIX Authentication Bypass Vulnerability | KEV | Apache | Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution. |
| CVE-2022-24086 | Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability | KEV | Adobe | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution. |
| CVE-2022-23748 | Dante Discovery Process Control Vulnerability | KEV | Audinate | Dante Discovery contains a process control vulnerability in mDNSResponder.exe that allows for a DLL sideloading attack. A local attacker can leverage this … |
| CVE-2022-23227 | NUUO NVRmini2 Devices Missing Authentication Vulnerability | KEV | NUUO | NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be a… |
| CVE-2022-23176 | WatchGuard Firebox and XTM Privilege Escalation Vulnerability | KEV | WatchGuard | WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via expos… |
| CVE-2022-23134 | Zabbix Frontend Improper Access Control Vulnerability | KEV | Zabbix | Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend. |
| CVE-2022-23131 | Zabbix Frontend Authentication Bypass Vulnerability | KEV | Zabbix | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML. |
| CVE-2022-22965 | Spring Framework JDK 9+ Remote Code Execution Vulnerability | KEV | VMware | Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. |
| CVE-2022-22963 | VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability | KEV | VMware Tanzu | When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression… |
| CVE-2022-22960 | VMware Multiple Products Privilege Escalation Vulnerability | KEV | VMware | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scrip… |
| CVE-2022-22954 | VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability | KEV | VMware | VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection. |
| CVE-2022-22948 | VMware vCenter Server Incorrect Default File Permissions Vulnerability | KEV | VMware | VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive inform… |
| CVE-2022-22947 | VMware Spring Cloud Gateway Code Injection Vulnerability | KEV | VMware | Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. |
| CVE-2022-2294 | WebRTC Heap Buffer Overflow Vulnerability | KEV | WebRTC | WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to pe… |
| CVE-2022-22718 | Microsoft Windows Print Spooler Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows Print Spooler contains an unspecified vulnerability which allows for privilege escalation. |
| CVE-2022-22706 | Arm Mali GPU Kernel Driver Unspecified Vulnerability | KEV | Arm | Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages. |
| CVE-2022-22675 | Apple macOS Out-of-Bounds Write Vulnerability | KEV | Apple | macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. |
| CVE-2022-22674 | Apple macOS Out-of-Bounds Read Vulnerability | KEV | Apple | macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. |
| CVE-2022-22620 | Apple iOS, iPadOS, and macOS WebKit Use-After-Free Vulnerability | KEV | Apple | Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This v… |
| CVE-2022-22587 | Apple Memory Corruption Vulnerability | KEV | Apple | Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges. |
| CVE-2022-22536 | SAP Multiple Products HTTP Request Smuggling Vulnerability | KEV | SAP | SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smugg… |
| CVE-2022-22265 | Samsung Mobile Devices Use-After-Free Vulnerability | KEV | Samsung | Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. |
| CVE-2022-22071 | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | KEV | Qualcomm | Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in p… |
| CVE-2022-22047 | Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges. |
| CVE-2022-21999 | Microsoft Windows Print Spooler Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation. |
| CVE-2022-21971 | Microsoft Windows Runtime Remote Code Execution Vulnerability | KEV | Microsoft | Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution. |
| CVE-2022-21919 | Microsoft Windows User Profile Service Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2022-21882 | Microsoft Win32k Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2022-21587 | Oracle E-Business Suite Unspecified Vulnerability | KEV | Oracle | Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web App… |
| CVE-2022-21445 | Oracle ADF Faces Deserialization of Untrusted Data Vulnerability | KEV | Oracle | Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated r… |
| CVE-2022-20821 | Cisco IOS XR Open Port Vulnerability | KEV | Cisco | Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow acces… |
| CVE-2022-20775 | Cisco SD-WAN Path Traversal Vulnerability | KEV | Cisco | Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access contr… |
| CVE-2022-20708 | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | KEV | Cisco | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary cod… |
| CVE-2022-20703 | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | KEV | Cisco | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary cod… |
| CVE-2022-20701 | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | KEV | Cisco | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary cod… |
| CVE-2022-20700 | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | KEV | Cisco | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary cod… |
| CVE-2022-20699 | Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | KEV | Cisco | A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary cod… |
| CVE-2022-1388 | F5 BIG-IP Missing Authentication Vulnerability | KEV | F5 | F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or dis… |