130 CISA Known Exploited Vulnerabilities from 2022
OSGeo JAI-EXT — OSGeo GeoServer JAI-EXT Code Injection Vulnerability (CVSS 10)
QNAP Photo Station — QNAP Photo Station Externally Controlled Reference Vulnerability (CVSS 10)
SAP Multiple Products — SAP Multiple Products HTTP Request Smuggling Vulnerability (CVSS 10)
VMware Spring Cloud Gateway — VMware Spring Cloud Gateway Code Injection Vulnerability (CVSS 10)
Redis Debian-specific Redis Servers — Debian-specific Redis Server Lua Sandbox Escape Vulnerability (CVSS 10)
Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers — Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability (CVSS 10)
Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers — Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability (CVSS 10)
Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers — Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability (CVSS 10)
Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers — Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability (CVSS 10)
Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers — Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability (CVSS 10)
D-Link Routers — D-Link Routers Buffer Overflow Vulnerability (CVSS 9.8)
NUUO NVRmini2 Devices — NUUO NVRmini2 Devices Missing Authentication Vulnerability (CVSS 9.8)
Oracle ADF Faces — Oracle ADF Faces Deserialization of Untrusted Data Vulnerability (CVSS 9.8)
SolarView Compact — SolarView Compact Command Injection Vulnerability (CVSS 9.8)
Netwrix Auditor — Netwrix Auditor Insecure Object Deserialization Vulnerability (CVSS 9.8)
Fortra Cobalt Strike — Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability (CVSS 9.8)
Teclib GLPI — Teclib GLPI Remote Code Execution Vulnerability (CVSS 9.8)
IBM Aspera Faspex — IBM Aspera Faspex Code Execution Vulnerability (CVSS 9.8)
Cacti Cacti — Cacti Command Injection Vulnerability (CVSS 9.8)
Oracle E-Business Suite — Oracle E-Business Suite Unspecified Vulnerability (CVSS 9.8)
Zoho ManageEngine — Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability (CVSS 9.8)
CWP Control Web Panel — CWP Control Web Panel OS Command Injection Vulnerability (CVSS 9.8)
Veeam Backup & Replication — Veeam Backup & Replication Remote Code Execution Vulnerability (CVSS 9.8)
Citrix Application Delivery Controller (ADC) and Gateway — Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability (CVSS 9.8)
Fortinet FortiOS — Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability (CVSS 9.8)
Zimbra ZCS — Unauthenticated Webshell Deployment via Amavis cpio Archive Extraction to Web Root (CVSS 9.8)
Fortinet Multiple Products — Fortinet Multiple Products Authentication Bypass Vulnerability (CVSS 9.8)
Sophos Firewall — Sophos Firewall Code Injection Vulnerability (CVSS 9.8)
Zoho ManageEngine — Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability (CVSS 9.8)
D-Link DIR-820L — D-Link DIR-820L Remote Code Execution Vulnerability (CVSS 9.8)
VMware Tanzu Spring Cloud — VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability (CVSS 9.8)
Apache APISIX — Apache APISIX Authentication Bypass Vulnerability (CVSS 9.8)
Apache CouchDB — Apache CouchDB Insecure Default Initialization of Resource Vulnerability (CVSS 9.8)
dotCMS dotCMS — dotCMS Unrestricted Upload of File Vulnerability (CVSS 9.8)
Zimbra ZCS — Authentication Bypass in mboximport Enabling Unauthenticated File Upload and Remote Code Execution (CVSS 9.8)
Atlassian Confluence — Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability (CVSS 9.8)
Mitel MiVoice Connect — Mitel MiVoice Connect Data Validation Vulnerability (CVSS 9.8)
Atlassian Confluence 'OGNL Injection' — Pre-Auth Remote Code Execution via URL Path Expression Language Injection (CVSS 9.8)
Zyxel Multiple Firewalls — Zyxel Multiple Firewalls OS Command Injection Vulnerability (CVSS 9.8)
F5 BIG-IP — iControl REST API Authentication Bypass Enables Unauthenticated Remote Code Execution as Root (CVSS 9.8)
WSO2 Multiple Products — WSO2 Multiple Products Unrestrictive Upload of File Vulnerability (CVSS 9.8)
VMware Workspace ONE Access and Identity Manager — VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability (CVSS 9.8)
VMware Spring Framework — Spring Framework JDK 9+ Remote Code Execution Vulnerability (CVSS 9.8)
Sophos Firewall — Sophos Firewall Authentication Bypass Vulnerability (CVSS 9.8)
Trend Micro Apex Central — Trend Micro Apex Central Arbitrary File Upload Vulnerability (CVSS 9.8)
Mitel MiCollab, MiVoice Business Express — MiCollab, MiVoice Business Express Access Control Vulnerability (CVSS 9.8)
WatchGuard Firebox and XTM Appliances — WatchGuard Firebox and XTM Appliances Arbitrary Code Execution (CVSS 9.8)
Adobe Commerce and Magento Open Source — Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability (CVSS 9.8)
Apple iOS and macOS — Apple Memory Corruption Vulnerability (CVSS 9.8)
Google Chromium GPU — Google Chromium GPU Heap Buffer Overflow Vulnerability (CVSS 9.6)
Google Chromium Mojo — Google Chromium Mojo Insufficient Data Validation Vulnerability (CVSS 9.6)
Mozilla Firefox — Mozilla Firefox Use-After-Free Vulnerability (CVSS 9.6)
Zabbix Frontend — Zabbix Frontend Authentication Bypass Vulnerability (CVSS 9.1)
Apple Multiple Products — Apple Multiple Products Unspecified Vulnerability (CVSS 8.8)
D-Link DNR-322L — D-Link DNR-322L Download of Code Without Integrity Check Vulnerability (CVSS 8.8)
Hitachi Vantara Pentaho Business Analytics (BA) Server — Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability (CVSS 8.8)
Google Chromium Network Service — Google Chromium Network Service Use-After-Free Vulnerability (CVSS 8.8)
Arm Mali Graphics Processing Unit (GPU) — Arm Mali GPU Kernel Driver Use-After-Free Vulnerability (CVSS 8.8)
Apache Spark — Apache Spark Command Injection Vulnerability (CVSS 8.8)
Microsoft Exchange Server — Microsoft Exchange Server Privilege Escalation Vulnerability (CVSS 8.8)
Apple iOS — Apple iOS Type Confusion Vulnerability (CVSS 8.8)
Veeam Backup & Replication — Veeam Backup & Replication Remote Code Execution Vulnerability (CVSS 8.8)
Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability (CVSS 8.8)
Microsoft Windows — Microsoft Windows Scripting Languages Remote Code Execution Vulnerability (CVSS 8.8)
Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability (CVSS 8.8)
Atlassian Bitbucket Server and Data Center — Atlassian Bitbucket Server and Data Center Command Injection Vulnerability (CVSS 8.8)
Microsoft Exchange Server — Microsoft Exchange Server Server-Side Request Forgery Vulnerability (CVSS 8.8)
WebRTC WebRTC — WebRTC Heap Buffer Overflow Vulnerability (CVSS 8.8)
Microsoft Active Directory — Microsoft Active Directory Domain Services Privilege Escalation Vulnerability (CVSS 8.8)
Apple iOS and macOS — Apple iOS and macOS Out-of-Bounds Write Vulnerability (CVSS 8.8)
Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability (CVSS 8.8)
WatchGuard Firebox and XTM — WatchGuard Firebox and XTM Privilege Escalation Vulnerability (CVSS 8.8)
Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability (CVSS 8.8)
Mozilla Firefox — Mozilla Firefox Use-After-Free Vulnerability (CVSS 8.8)
Google Chromium Animation — Google Chromium Animation Use-After-Free Vulnerability (CVSS 8.8)
Apple iOS, iPadOS, and macOS — Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability (CVSS 8.8)
Hitachi Vantara Pentaho Business Analytics (BA) Server — Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability (CVSS 8.6)
Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability (CVSS 8.6)
Linux Kernel — fsconfig Integer Underflow Allows Heap Overflow and Privilege Escalation via User Namespaces (CVSS 8.4)
Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Use-After-Free Vulnerability (CVSS 8.4)
Microsoft Windows — Microsoft Windows LSA Spoofing Vulnerability (CVSS 8.1)
Microsoft Exchange Server — Microsoft Exchange Server Remote Code Execution Vulnerability (CVSS 8)
Cisco SD-WAN CLI — Relative Path Traversal to Root, Re-Weaponised by UAT-8616 via Deliberate Firmware Downgrade in 2026 Campaign (CVSS 7.8)
Audinate Dante Discovery — Dante Discovery Process Control Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Print Spooler Privilege Escalation Vulnerability (CVSS 7.8)
Arm Mali Graphics Processing Unit (GPU) — Arm Mali GPU Kernel Driver Unspecified Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Print Spooler Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability (CVSS 7.8)
Apple iOS and iPadOS — Apple iOS and iPadOS Out-of-Bounds Write Vulnerability (CVSS 7.8)
Microsoft Windows COM+ Event System Service — Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability (CVSS 7.8)
Apple iOS, iPadOS, and macOS — Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Runtime Remote Code Execution Vulnerability (CVSS 7.8)
Apple iOS and macOS — Apple iOS and macOS Out-of-Bounds Write Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows 'Follina' — MSDT URL Handler Invoked by Office Documents Allows Code Execution Without Macros (CVSS 7.8)
Linux Kernel 'Dirty Pipe' — Uninitialized Pipe Buffer Flag Permits Page Cache Overwrite for Local Privilege Escalation (CVSS 7.8)
Microsoft Windows — Microsoft Windows Print Spooler Privilege Escalation Vulnerability (CVSS 7.8)
VMware Multiple Products — VMware Multiple Products Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows CLFS Driver Privilege Escalation Vulnerability (CVSS 7.8)
Apple macOS — Apple macOS Out-of-Bounds Write Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Print Spooler Privilege Escalation Vulnerability (CVSS 7.8)
ZK Framework AuUploader — ZK Framework AuUploader Unspecified Vulnerability (CVSS 7.5)
TerraMaster TerraMaster OS — TerraMaster OS Remote Command Execution Vulnerability (CVSS 7.5)
RARLAB UnRAR — RARLAB UnRAR Directory Traversal Vulnerability (CVSS 7.5)
Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability (CVSS 7.5)
Trend Micro Apex One and Apex One as a Service — Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability (CVSS 7.2)
Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability (CVSS 7.2)
Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerability (CVSS 7)
Microsoft Windows — Microsoft Windows User Profile Service Privilege Escalation Vulnerability (CVSS 7)
Microsoft Windows — Microsoft Windows User Profile Service Privilege Escalation Vulnerability (CVSS 7)
Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability (CVSS 7)
Zoho ManageEngine — Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability (CVSS 6.8)
Mitel MiVoice Connect — Mitel MiVoice Connect Command Injection Vulnerability (CVSS 6.8)
Mitel MiVoice Connect — Mitel MiVoice Connect Code Injection Vulnerability (CVSS 6.8)
Fortinet FortiOS — Fortinet FortiOS Path Traversal Vulnerability (CVSS 6.7)
VMware vCenter Server — VMware vCenter Server Incorrect Default File Permissions Vulnerability (CVSS 6.5)
Google Chromium Intents — Google Chromium Intents Insufficient Input Validation Vulnerability (CVSS 6.5)
Cisco IOS XR — Cisco IOS XR Open Port Vulnerability (CVSS 6.5)
Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability (CVSS 6.1)
Fortra Cobalt Strike — Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability (CVSS 6.1)
Zimbra ZCS Classic UI — Stored XSS via Calendar Attribute Injection, Exploited in the Wild from December 2021 (CVSS 6.1)
Apple macOS — Apple macOS Out-of-Bounds Read Vulnerability (CVSS 5.5)
Microsoft Defender — Microsoft Defender SmartScreen Security Feature Bypass Vulnerability (CVSS 5.4)
Microsoft Windows — Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability (CVSS 5.4)
Microsoft Windows — Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability (CVSS 5.4)
Linux Kernel — Linux Kernel Use-After-Free Vulnerability (CVSS 5.3)
Samsung Mobile Devices — Samsung Mobile Devices Use-After-Free Vulnerability (CVSS 5)
Zabbix Frontend — Zabbix Frontend Improper Access Control Vulnerability (CVSS 3.7)