| | CVE-2022-23719 |  ForgeRock | high | 7.2 | — | | PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used… | Jun 30, 2022 | Nov 21, 2024 |
| | CVE-2022-23718 | ForgeRock | high | 7.6 | — | | PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code exec… | Jun 30, 2022 | Nov 21, 2024 |
| | CVE-2022-23717 | ForgeRock | medium | 5.0 | — | | PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines w… | Jun 30, 2022 | Nov 21, 2024 |
| | CVE-2021-41995 | ForgeRock | high | 7.7 | — | | A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary … | Jun 30, 2022 | Nov 21, 2024 |
| | CVE-2022-32156 |  Splunk | high | 8.1 | 0.2%
| | In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface … | Jun 15, 2022 | Feb 25, 2026 |
| | CVE-2022-27782 | Splunk | high | 7.5 | 0.5%
| | libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been ch… | Jun 2, 2022 | Apr 16, 2026 |
| | CVE-2022-27781 | Splunk | high | 7.5 | 0.1%
| | libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returne… | Jun 2, 2022 | Apr 16, 2026 |
| | CVE-2022-27774 | Splunk | medium | 5.7 | 0.3%
| | An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 … | Jun 2, 2022 | Apr 16, 2026 |
| | CVE-2022-22576 | Splunk | high | 8.1 | 0.3%
| | An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might a… | May 26, 2022 | Apr 16, 2026 |
| | CVE-2022-23724 | ForgeRock | medium | 6.4 | — | | Use of static encryption key material allows forging an authentication token to other users within a… | May 4, 2022 | Nov 21, 2024 |
| | CVE-2022-23723 | ForgeRock | high | 7.7 | — | | An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML… | May 2, 2022 | Nov 21, 2024 |
| | CVE-2022-23722 | ForgeRock | medium | 6.5 | — | | When a password reset mechanism is configured to use the Authentication API with an Authentication P… | May 2, 2022 | Nov 21, 2024 |
| | CVE-2021-42001 | ForgeRock | high | 8.0 | — | | PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to s… | Apr 30, 2022 | Nov 21, 2024 |
| | CVE-2021-41994 | ForgeRock | medium | 6.6 | — | | A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary a… | Apr 30, 2022 | Nov 21, 2024 |
| | CVE-2021-41993 | ForgeRock | medium | 6.6 | — | | A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictiona… | Apr 30, 2022 | Nov 21, 2024 |
| | CVE-2021-41992 | ForgeRock | high | 7.7 | — | | A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed diction… | Apr 30, 2022 | Nov 21, 2024 |
| | CVE-2022-26504 |  Veeam | high | 8.8 | — | | Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for … | Mar 17, 2022 | Nov 21, 2024 |
| | CVE-2022-26501 | Veeam | critical | 9.8 | — | | Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). | Mar 17, 2022 | Nov 3, 2025 |
| | CVE-2022-26500 | Veeam | high | 8.8 | — | | Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows r… | Mar 17, 2022 | Nov 3, 2025 |
| | CVE-2022-26503 | Veeam | high | 7.8 | — | | Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allo… | Mar 17, 2022 | Nov 21, 2024 |
| | CVE-2022-0778 |  Tenable | high | 7.5 | 7.8%
| | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it t… | Mar 15, 2022 | Apr 14, 2026 |
| | CVE-2021-4201 | ForgeRock | critical | 9.6 | — | | Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms al… | Feb 14, 2022 | Nov 21, 2024 |
| | CVE-2021-42000 | ForgeRock | medium | 5.3 | — | | When a password reset or password change flow with an authentication policy is configured and the ad… | Feb 10, 2022 | Nov 21, 2024 |
| | CVE-2021-36193 |  Fortinet | medium | 6.7 | 0.5%
| | Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may a… | Feb 2, 2022 | Jan 13, 2026 |
| | CVE-2021-31854 |  Trellix | high | 7.7 | 0.3%
| | A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users… | Jan 19, 2022 | Feb 24, 2026 |
| | CVE-2021-22054 |  VMware | high | 7.5 | 93.8%
| ⚠ KEV | VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prio… | Dec 17, 2021 | Mar 10, 2026 |
| | CVE-2021-43890 |  Microsoft | high | 7.1 | 16.4%
| ⚠ KEV | We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Wi… | Dec 15, 2021 | Feb 25, 2026 |
| | CVE-2021-44228 |  Cisco | critical | 10.0 | 94.4%
| ⚠ KEV | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI … | Dec 10, 2021 | Feb 20, 2026 |
| | CVE-2021-42306 | Microsoft | high | 8.1 | 8.5%
| | An information disclosure vulnerability manifests when a user or an application uploads unprotected … | Nov 24, 2021 | Feb 24, 2026 |
| | CVE-2021-41372 | Microsoft | high | 7.6 | 0.2%
| | A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power B… | Nov 10, 2021 | Feb 24, 2026 |
| | CVE-2021-41770 | ForgeRock | high | 7.5 | — | | Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack… | Oct 7, 2021 | Nov 21, 2024 |
| | CVE-2021-22947 | Splunk | medium | 5.9 | 0.3%
| | When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS… | Sep 29, 2021 | Apr 16, 2026 |
| | CVE-2021-22946 | Splunk | high | 7.5 | 0.1%
| | A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to… | Sep 29, 2021 | Apr 16, 2026 |
| | CVE-2021-40329 | ForgeRock | critical | 9.8 | — | | The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of exter… | Sep 27, 2021 | Nov 21, 2024 |
| | CVE-2021-31923 | ForgeRock | medium | 5.3 | — | | Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. | Sep 24, 2021 | Nov 21, 2024 |
| | CVE-2021-31843 | Trellix | high | 7.3 | 0.0%
| | Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7… | Sep 17, 2021 | Feb 24, 2026 |
| | CVE-2021-37154 | ForgeRock | critical | 9.8 | — | | In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, pot… | Aug 25, 2021 | Nov 21, 2024 |
| | CVE-2021-37153 | ForgeRock | critical | 9.8 | — | | ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity… | Aug 25, 2021 | Nov 21, 2024 |
| | CVE-2021-3712 | Tenable | high | 7.4 | 0.4%
| | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a… | Aug 24, 2021 | Apr 16, 2026 |
| | CVE-2021-39270 | ForgeRock | high | 7.5 | — | | In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur. | Aug 18, 2021 | Nov 21, 2024 |
| | CVE-2021-22925 | Splunk | medium | 5.3 | 0.4%
| | curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely … | Aug 5, 2021 | Apr 16, 2026 |
| | CVE-2021-22922 | Splunk | medium | 6.5 | 0.1%
| | When curl is instructed to download content using the metalink feature, thecontents is verified agai… | Aug 5, 2021 | Apr 16, 2026 |
| | CVE-2021-35464 | ForgeRock | critical | 9.8 | — | | ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession para… | Jul 22, 2021 | Nov 5, 2025 |
| | CVE-2021-35971 | Veeam | critical | 9.8 | — | | Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mish… | Jun 30, 2021 | Nov 21, 2024 |
| | CVE-2021-31838 | Trellix | high | 8.4 | 2.9%
| | A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVED… | Jun 29, 2021 | Feb 24, 2026 |
| | CVE-2021-22898 | Splunk | low | 3.1 | 0.1%
| | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, kn… | Jun 11, 2021 | Apr 16, 2026 |
| | CVE-2021-29156 | ForgeRock | high | 7.5 | — | | ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an una… | Mar 25, 2021 | Nov 21, 2024 |
| | CVE-2020-7346 | Trellix | high | 7.8 | 0.1%
| | Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.10… | Mar 23, 2021 | Feb 23, 2026 |
| | CVE-2021-24105 | Microsoft | high | 8.4 | 0.7%
| | <p>Depending on configuration of various package managers it is possible for an attacker to insert a… | Feb 25, 2021 | Feb 24, 2026 |
| | CVE-2021-1730 | Microsoft | medium | 5.4 | 2.0%
| | <p>A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that… | Feb 25, 2021 | Feb 24, 2026 |