Security Vulnerabilities - Known exploited
CVE-2022-23748
mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.
Known exploited
CVSS Score
7.8
EPSS Score
0.117
Published
2022-11-17
CVE-2022-41125
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.007
Published
2022-11-09
CVE-2022-41128
Windows Scripting Languages Remote Code Execution Vulnerability
Known exploited
CVSS Score
8.8
EPSS Score
0.392
Published
2022-11-09
CVE-2022-41091
Windows Mark of the Web Security Feature Bypass Vulnerability
Known exploited
CVSS Score
5.4
EPSS Score
0.055
Published
2022-11-09
CVE-2022-41073
Windows Print Spooler Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.025
Published
2022-11-09
CVE-2022-41080
Microsoft Exchange Server Elevation of Privilege Vulnerability
Known exploited
CVSS Score
8.8
EPSS Score
0.938
Published
2022-11-09
CVE-2022-41049
Windows Mark of the Web Security Feature Bypass Vulnerability
Known exploited
CVSS Score
5.4
EPSS Score
0.131
Published
2022-11-09
CVE-2022-31199
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacker to execute arbitrary code as the NT AUTHORITY\SYSTEM user on affected systems, including on systems Netwrix Auditor monitors.
Known exploited
CVSS Score
9.8
EPSS Score
0.081
Published
2022-11-08
CVE-2022-3723
Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Known exploited
CVSS Score
8.8
EPSS Score
0.005
Published
2022-11-01
CVE-2022-42827
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
Known exploited
CVSS Score
7.8
EPSS Score
0.002
Published
2022-11-01