Security Vulnerabilities - Known exploited
CVE-2022-26871
An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.194
Published
2022-03-29
CVE-2022-22948
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
Known exploited
CVSS Score
6.5
EPSS Score
0.26
Published
2022-03-29
CVE-2022-26258
D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
Known exploited
CVSS Score
9.8
EPSS Score
0.872
Published
2022-03-28
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2022-03-25
CVE-2022-22620
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Known exploited
CVSS Score
8.8
EPSS Score
0.04
Published
2022-03-18
CVE-2022-22587
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
Known exploited
CVSS Score
9.8
EPSS Score
0.004
Published
2022-03-18
CVE-2022-26500
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.
Known exploited
CVSS Score
8.8
EPSS Score
0.19
Published
2022-03-17
CVE-2022-26501
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
Known exploited
CVSS Score
9.8
EPSS Score
0.667
Published
2022-03-17
CVE-2021-39793
In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210470189References: N/A
Known exploited
CVSS Score
7.8
EPSS Score
0.001
Published
2022-03-16
CVE-2022-26143
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack.
Known exploited
CVSS Score
9.8
EPSS Score
0.891
Published
2022-03-10