| | CVE-2022-23724 | ForgeRock | medium | 6.4 | — | | Use of static encryption key material allows forging an authentication token to other users within a… | May 4, 2022 | Nov 21, 2024 |
| | CVE-2022-23723 | ForgeRock | high | 7.7 | — | | An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML… | May 2, 2022 | Nov 21, 2024 |
| | CVE-2022-23722 | ForgeRock | medium | 6.5 | — | | When a password reset mechanism is configured to use the Authentication API with an Authentication P… | May 2, 2022 | Nov 21, 2024 |
| | CVE-2021-42001 | ForgeRock | high | 8.0 | — | | PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to s… | Apr 30, 2022 | Nov 21, 2024 |
| | CVE-2021-41994 | ForgeRock | medium | 6.6 | — | | A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary a… | Apr 30, 2022 | Nov 21, 2024 |
| | CVE-2021-41993 | ForgeRock | medium | 6.6 | — | | A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictiona… | Apr 30, 2022 | Nov 21, 2024 |
| | CVE-2021-41992 | ForgeRock | high | 7.7 | — | | A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed diction… | Apr 30, 2022 | Nov 21, 2024 |
| | CVE-2022-20773 | Cisco | high | 7.5 | 1.1%
| | A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (V… | Apr 21, 2022 | Jun 22, 2026 |
| | CVE-2022-26901 | Microsoft | high | 7.8 | 0.8%
| | Microsoft Excel Remote Code Execution Vulnerability | Apr 15, 2022 | May 19, 2026 |
| | CVE-2022-24473 | Microsoft | high | 7.8 | 2.4%
| | Microsoft Excel Remote Code Execution Vulnerability | Apr 15, 2022 | May 19, 2026 |
| | CVE-2022-26504 | Veeam | high | 8.8 | — | | Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for … | Mar 17, 2022 | Nov 21, 2024 |
| | CVE-2022-26501 | Veeam | critical | 9.8 | — | | Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). | Mar 17, 2022 | Nov 3, 2025 |
| | CVE-2022-26500 | Veeam | high | 8.8 | — | | Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows r… | Mar 17, 2022 | Nov 3, 2025 |
| | CVE-2022-26503 | Veeam | high | 7.8 | — | | Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allo… | Mar 17, 2022 | Nov 21, 2024 |
| | CVE-2022-0778 | Tenable | high | 7.5 | 6.9%
| | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it t… | Mar 15, 2022 | May 22, 2026 |
| | CVE-2022-24512 | Microsoft | medium | 6.3 | 0.2%
| | .NET and Visual Studio Remote Code Execution Vulnerability | Mar 9, 2022 | May 27, 2026 |
| | CVE-2022-24511 | Microsoft | medium | 5.5 | 0.7%
| | Microsoft Office Word Tampering Vulnerability | Mar 9, 2022 | May 19, 2026 |
| | CVE-2022-24510 | Microsoft | high | 7.8 | 1.4%
| | Microsoft Office Visio Remote Code Execution Vulnerability | Mar 9, 2022 | May 19, 2026 |
| | CVE-2022-24509 | Microsoft | high | 7.8 | 1.4%
| | Microsoft Office Visio Remote Code Execution Vulnerability | Mar 9, 2022 | May 19, 2026 |
| | CVE-2022-24464 | Microsoft | high | 7.5 | 1.2%
| | .NET and Visual Studio Denial of Service Vulnerability | Mar 9, 2022 | May 27, 2026 |
| | CVE-2022-24462 | Microsoft | medium | 5.5 | 0.8%
| | Microsoft Word Security Feature Bypass Vulnerability | Mar 9, 2022 | May 19, 2026 |
| | CVE-2022-24461 | Microsoft | high | 7.8 | 1.4%
| | Microsoft Office Visio Remote Code Execution Vulnerability | Mar 9, 2022 | May 19, 2026 |
| | CVE-2021-4201 | ForgeRock | critical | 9.6 | — | | Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms al… | Feb 14, 2022 | Nov 21, 2024 |
| | CVE-2021-42000 | ForgeRock | medium | 5.3 | — | | When a password reset or password change flow with an authentication policy is configured and the ad… | Feb 10, 2022 | Nov 21, 2024 |
| | CVE-2022-23913 | Apache | high | 7.5 | 2.7%
| | In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availabili… | Feb 4, 2022 | Jun 15, 2026 |
| | CVE-2021-36193 | Fortinet | medium | 6.7 | 0.5%
| | Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may a… | Feb 2, 2022 | Jan 13, 2026 |
| | CVE-2021-31854 | Trellix | high | 7.7 | 0.3%
| | A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users… | Jan 19, 2022 | Feb 24, 2026 |
| | CVE-2022-23307 | Apache | high | 8.8 | 2.6%
| | CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chain… | Jan 18, 2022 | May 22, 2026 |
| | CVE-2022-23305 | Apache | critical | 9.8 | 9.5%
| | By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter whe… | Jan 18, 2022 | May 27, 2026 |
| | CVE-2022-23302 | Apache | high | 8.8 | 0.8%
| | JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the att… | Jan 18, 2022 | May 22, 2026 |
| | CVE-2022-21841 | Microsoft | high | 7.8 | 3.1%
| | Microsoft Excel Remote Code Execution Vulnerability | Jan 11, 2022 | May 19, 2026 |
| | CVE-2022-21840 | Microsoft | high | 8.8 | 9.5%
| | Microsoft Office Remote Code Execution Vulnerability | Jan 11, 2022 | May 19, 2026 |
| | CVE-2021-44832 | Apache | medium | 6.6 | 53.6%
| | Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) a… | Dec 28, 2021 | May 29, 2026 |
| | CVE-2021-45105 | Apache | medium | 5.9 | 74.5%
| | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from u… | Dec 18, 2021 | May 29, 2026 |
| | CVE-2021-22054 | VMware | high | 7.5 | 93.8%
| ⚠ KEV | VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prio… | Dec 17, 2021 | Mar 10, 2026 |
| | CVE-2021-43890 | Microsoft | high | 7.1 | 16.4%
| ⚠ KEV | We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Wi… | Dec 15, 2021 | Feb 25, 2026 |
| | CVE-2021-43875 | Microsoft | high | 7.8 | 1.1%
| | Microsoft Office Graphics Remote Code Execution Vulnerability | Dec 15, 2021 | May 19, 2026 |
| | CVE-2021-43256 | Microsoft | high | 7.8 | 0.9%
| | Microsoft Excel Remote Code Execution Vulnerability | Dec 15, 2021 | May 19, 2026 |
| | CVE-2021-43255 | Microsoft | medium | 5.5 | 1.8%
| | Microsoft Office Trust Center Spoofing Vulnerability | Dec 15, 2021 | May 19, 2026 |
| | CVE-2021-42295 | Microsoft | medium | 5.5 | 7.3%
| | Visual Basic for Applications Information Disclosure Vulnerability | Dec 15, 2021 | May 19, 2026 |
| | CVE-2021-42293 | Microsoft | medium | 6.5 | 3.4%
| | Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerabilit… | Dec 15, 2021 | May 19, 2026 |
| | CVE-2021-4104 | Apache | high | 7.5 | 72.2%
| | JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has wr… | Dec 14, 2021 | May 28, 2026 |
| | CVE-2021-44228 | Cisco | critical | 10.0 | 94.4%
| ⚠ KEV | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI … | Dec 10, 2021 | Feb 20, 2026 |
| | CVE-2021-42306 | Microsoft | high | 8.1 | 8.5%
| | An information disclosure vulnerability manifests when a user or an application uploads unprotected … | Nov 24, 2021 | Feb 24, 2026 |
| | CVE-2021-42296 | Microsoft | high | 7.8 | 0.7%
| | Microsoft Word Remote Code Execution Vulnerability | Nov 10, 2021 | May 19, 2026 |
| | CVE-2021-41372 | Microsoft | high | 7.6 | 0.2%
| | A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power B… | Nov 10, 2021 | Feb 24, 2026 |
| | CVE-2021-41770 | ForgeRock | high | 7.5 | — | | Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack… | Oct 7, 2021 | Nov 21, 2024 |
| | CVE-2021-22947 | Splunk | medium | 5.9 | 0.3%
| | When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS… | Sep 29, 2021 | Apr 16, 2026 |
| | CVE-2021-22946 | Splunk | high | 7.5 | 0.1%
| | A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to… | Sep 29, 2021 | Apr 16, 2026 |
| | CVE-2021-40329 | ForgeRock | critical | 9.8 | — | | The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of exter… | Sep 27, 2021 | Nov 21, 2024 |