| | CVE-2021-41372 |  Microsoft | high | 7.6 | 0.2%
| | A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power B… | Nov 10, 2021 | Feb 24, 2026 |
| | CVE-2021-42306 | Microsoft | high | 8.1 | 8.5%
| | An information disclosure vulnerability manifests when a user or an application uploads unprotected … | Nov 24, 2021 | Feb 24, 2026 |
| | CVE-2021-44228 |  Cisco | critical | 10.0 | 94.4%
| ⚠ KEV | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI … | Dec 10, 2021 | Feb 20, 2026 |
| | CVE-2021-43890 | Microsoft | high | 7.1 | 16.4%
| ⚠ KEV | We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Wi… | Dec 15, 2021 | Feb 25, 2026 |
| | CVE-2021-22054 |  VMware | high | 7.5 | 93.8%
| ⚠ KEV | VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prio… | Dec 17, 2021 | Mar 10, 2026 |
| | CVE-2021-31854 |  Trellix | high | 7.7 | 0.3%
| | A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users… | Jan 19, 2022 | Feb 24, 2026 |
| | CVE-2021-36193 |  Fortinet | medium | 6.7 | 0.5%
| | Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may a… | Feb 2, 2022 | Jan 13, 2026 |
| | CVE-2021-42000 |  ForgeRock | medium | 5.3 | — | | When a password reset or password change flow with an authentication policy is configured and the ad… | Feb 10, 2022 | Nov 21, 2024 |
| | CVE-2021-4201 | ForgeRock | critical | 9.6 | — | | Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms al… | Feb 14, 2022 | Nov 21, 2024 |
| | CVE-2022-0778 |  Tenable | high | 7.5 | 7.8%
| | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it t… | Mar 15, 2022 | Apr 14, 2026 |
| | CVE-2022-26503 |  Veeam | high | 7.8 | — | | Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allo… | Mar 17, 2022 | Nov 21, 2024 |
| | CVE-2022-26500 | Veeam | high | 8.8 | — | | Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows r… | Mar 17, 2022 | Nov 3, 2025 |
| | CVE-2022-26501 | Veeam | critical | 9.8 | — | | Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). | Mar 17, 2022 | Nov 3, 2025 |
| | CVE-2022-26504 | Veeam | high | 8.8 | — | | Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for … | Mar 17, 2022 | Nov 21, 2024 |
| | CVE-2021-41992 | ForgeRock | high | 7.7 | — | | A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed diction… | Apr 30, 2022 | Nov 21, 2024 |
| | CVE-2021-41993 | ForgeRock | medium | 6.6 | — | | A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictiona… | Apr 30, 2022 | Nov 21, 2024 |
| | CVE-2021-41994 | ForgeRock | medium | 6.6 | — | | A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary a… | Apr 30, 2022 | Nov 21, 2024 |
| | CVE-2021-42001 | ForgeRock | high | 8.0 | — | | PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to s… | Apr 30, 2022 | Nov 21, 2024 |
| | CVE-2022-23722 | ForgeRock | medium | 6.5 | — | | When a password reset mechanism is configured to use the Authentication API with an Authentication P… | May 2, 2022 | Nov 21, 2024 |
| | CVE-2022-23723 | ForgeRock | high | 7.7 | — | | An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML… | May 2, 2022 | Nov 21, 2024 |
| | CVE-2022-23724 | ForgeRock | medium | 6.4 | — | | Use of static encryption key material allows forging an authentication token to other users within a… | May 4, 2022 | Nov 21, 2024 |
| | CVE-2022-22576 |  Splunk | high | 8.1 | 0.3%
| | An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might a… | May 26, 2022 | Apr 16, 2026 |
| | CVE-2022-27774 | Splunk | medium | 5.7 | 0.3%
| | An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 … | Jun 2, 2022 | Apr 16, 2026 |
| | CVE-2022-27781 | Splunk | high | 7.5 | 0.1%
| | libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returne… | Jun 2, 2022 | Apr 16, 2026 |
| | CVE-2022-27782 | Splunk | high | 7.5 | 0.5%
| | libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been ch… | Jun 2, 2022 | Apr 16, 2026 |
| | CVE-2022-32156 | Splunk | high | 8.1 | 0.2%
| | In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface … | Jun 15, 2022 | Feb 25, 2026 |
| | CVE-2021-41995 | ForgeRock | high | 7.7 | — | | A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary … | Jun 30, 2022 | Nov 21, 2024 |
| | CVE-2022-23717 | ForgeRock | medium | 5.0 | — | | PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines w… | Jun 30, 2022 | Nov 21, 2024 |
| | CVE-2022-23718 | ForgeRock | high | 7.6 | — | | PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code exec… | Jun 30, 2022 | Nov 21, 2024 |
| | CVE-2022-23719 | ForgeRock | high | 7.2 | — | | PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used… | Jun 30, 2022 | Nov 21, 2024 |
| | CVE-2022-23720 | ForgeRock | high | 7.5 | — | | PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with t… | Jun 30, 2022 | Nov 21, 2024 |
| | CVE-2022-23725 | ForgeRock | high | 7.7 | — | | PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries … | Jun 30, 2022 | Nov 21, 2024 |
| | CVE-2022-32225 | Veeam | medium | 6.1 | — | | A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Managemen… | Jul 14, 2022 | Nov 21, 2024 |
| | CVE-2022-35737 | Splunk | high | 7.5 | 51.9%
| | SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of … | Aug 3, 2022 | Feb 13, 2026 |
| | CVE-2022-0143 | ForgeRock | critical | 9.3 | — | | When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This… | Sep 19, 2022 | Nov 21, 2024 |
| | CVE-2022-23726 | ForgeRock | medium | 5.4 | — | | PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with admini… | Sep 30, 2022 | Nov 21, 2024 |
| | CVE-2022-20775 | Cisco | high | 7.8 | 0.5%
| ⚠ KEV | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to … | Sep 30, 2022 | Feb 26, 2026 |
| | CVE-2022-40684 | Fortinet | critical | 9.8 | 94.4%
| ⚠ KEV | An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.… | Oct 18, 2022 | Jan 14, 2026 |
| | CVE-2022-24669 | ForgeRock | medium | 6.5 | — | | It may be possible to gain some details of the deployment through a well-crafted attack. This may al… | Oct 27, 2022 | Nov 21, 2024 |
| | CVE-2022-24670 | ForgeRock | high | 7.1 | — | | An attacker can use the unrestricted LDAP queries to determine configuration entries | Oct 27, 2022 | Nov 21, 2024 |
| | CVE-2022-42916 | Splunk | high | 7.5 | 0.1%
| | In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using it… | Oct 29, 2022 | Feb 13, 2026 |
| | CVE-2022-45047 |  Apache | critical | 9.8 | 5.7%
| | Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1… | Nov 16, 2022 | May 1, 2026 |
| | CVE-2022-32221 | Splunk | critical | 9.8 | 1.8%
| | When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION… | Dec 5, 2022 | Feb 13, 2026 |
| | CVE-2022-43549 | Veeam | critical | 9.8 | — | | Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass au… | Dec 5, 2022 | Apr 24, 2025 |
| | CVE-2022-43551 | Splunk | high | 7.5 | 0.0%
| | A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using H… | Dec 23, 2022 | Feb 13, 2026 |
| | CVE-2023-21529 | Microsoft | high | 8.8 | 58.9%
| ⚠ KEV | Microsoft Exchange Server Remote Code Execution Vulnerability | Feb 14, 2023 | Apr 14, 2026 |
| | CVE-2023-23915 | Splunk | medium | 6.5 | 0.0%
| | A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could c… | Feb 23, 2023 | Feb 13, 2026 |
| | CVE-2023-0339 | ForgeRock | critical | 9.1 | — | | Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authent… | Feb 28, 2023 | Apr 14, 2025 |
| | CVE-2023-0511 | ForgeRock | critical | 9.1 | — | | Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authen… | Feb 28, 2023 | Apr 14, 2025 |
| | CVE-2023-27532 | Veeam | high | 7.5 | — | | Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the con… | Mar 10, 2023 | Nov 3, 2025 |