Lucene search
K
CisaMost viewed

4188 matches found

CISA
CISA
added 2025/10/22 12:0 p.m.156 views

CISA Adds Five Known Exploited Vulnerabilities to Catalog

Updated October 22, 2025 CISA is continually collaborating with partners across government and the private sector. Through this collaboration, CISA has determined that CVE-2025-6264 has not been exploited and there is insufficient evidence to keep this CVE on the KEV and that the best course of...

10CVSS9.7AI score0.1938EPSS
Exploits6References10
CISA
CISA
added 2020/03/06 12:0 a.m.156 views

Zoho Releases Security Update on ManageEngine Desktop Central

Zoho has released a security update on a vulnerability CVE-2020-10189 affecting ManageEngine Desktop Central build 10.0.473 and below. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine Desktop Central is a unified endpoint management solution...

10CVSS0.9AI score0.99941EPSS
Exploits6References2
CISA
CISA
added 2023/10/10 12:0 p.m.155 views

CISA Adds Five Known Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-21608 Adobe Acrobat and Reader Use-After-Free Vulnerability CVE-2023-20109 Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerabilit...

7.8CVSS8.4AI score0.99999EPSS
Exploits21References10
CISA
CISA
added 2022/05/04 12:0 a.m.153 views

F5 Releases Security Advisories Addressing Multiple Vulnerabilities

F5 has released security advisories on vulnerabilities affecting multiple products, including various versions of BIG-IP. Included in the release is an advisory for CVE-2022-1388, which allows undisclosed requests to bypass the iControl REST authentication in BIG-IP. An attacker could exploit...

7.5CVSS2.2AI score0.99956EPSS
Exploits63References2
CISA
CISA
added 2017/07/28 12:0 a.m.149 views

Microsoft Releases Security Updates

Microsoft has released updates to address vulnerabilities affecting Microsoft Office. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the following Microsoft security advisories and appl...

9.3CVSS6.4AI score0.20077EPSS
Exploits0References2
CISA
CISA
added 2026/06/15 12:0 p.m.148 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-20262link is external Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability CVE-2026-54420link is external LiteSpeed cPanel Plugin UNIX...

8.5CVSS5.4AI score0.07683EPSS
Exploits5References8
CISA
CISA
added 2021/07/13 12:0 a.m.148 views

CISA Issues Emergency Directive on Microsoft Windows Print Spooler

CISA has issued Emergency Directive ED 21-04: Mitigate Windows Print Spooler Service Vulnerability addressing CVE-2021-34527. Attackers can exploit this vulnerability to remotely execute code with system level privileges enabling a threat actor to quickly compromise the entire identity...

9CVSS3AI score0.99759EPSS
Exploits41References4
CISA
CISA
added 2021/06/30 12:0 a.m.148 views

PrintNightmare, Critical Windows Print Spooler Vulnerability

Updated July 2, 2021 For new information and mitigations, see Microsoft's updated guidance for the Print spooler vulnerability CVE-2021-34527. Updated July 1, 2021 See Microsoft's new guidance for the Print spooler vulnerability CVE-2021-34527 and apply the necessary workarounds. Original post Ju...

9.3CVSS2.2AI score0.99759EPSS
Exploits75References5
CISA
CISA
added 2021/02/10 12:0 a.m.148 views

Microsoft Launches Phase 2 Mitigation for Netlogon Remote Code Execution Vulnerability (CVE-2020-1472)

Microsoft addressed a critical remote code execution vulnerability affecting the Netlogon protocol CVE-2020-1472 on August 11, 2020. Beginning with the February 9, 2021 Security Update release, Domain Controllers will be placed in enforcement mode. This will require all Windows and non-Windows...

9.3CVSS3.3AI score0.99512EPSS
Exploits75References1
CISA
CISA
added 2021/02/09 12:0 a.m.148 views

Microsoft Warns of Windows Win32k Privilege Escalation

Microsoft has released a security advisory to address an escalation of privileges vulnerability, CVE-2021-1732, in Microsoft Win32k. A local attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. CISA encourages user...

4.6CVSS3.5AI score0.78376EPSS
Exploits21References1
CISA
CISA
added 2020/10/29 12:0 a.m.148 views

Microsoft Warns of Continued Exploitation of CVE-2020-1472

Microsoft has released a blog post on cyber threat actors exploiting CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain administrator access. The...

9.3CVSS1AI score0.99512EPSS
Exploits75References6
CISA
CISA
added 2011/05/27 12:0 a.m.147 views

Internet System Consortium releases BIND patches

The Internet System Consortium has released updates for BIND to address a vulnerability in BIND versions 9.4-ESV-R3 and later, 9.6-ESV-R2 and later, 9.6.3, 9.7.1 and later, and 9.8.0 and later. Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition...

5CVSS0.8AI score0.24638EPSS
Exploits1References3
CISA
CISA
added 2010/04/16 12:0 a.m.146 views

Oracle Releases Sun Java SE 1.6.0_20

Oracle has released Sun Java SE 1.6.020 to address several vulnerabilities. The release notes for this version of Java SE indicate that these vulnerabilities are in Java Deployment Toolkit and the new Java Plug-in. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker...

10CVSS2.4AI score0.69949EPSS
Exploits7References4
CISA
CISA
added 2022/10/31 12:0 a.m.144 views

CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication 

CISA has released two fact sheets to highlight threats against accounts and systems using certain forms of multifactor authentication MFA. CISA strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber threats. If an organization using...

0.6AI score
Exploits0References3
CISA
CISA
added 2022/01/21 12:0 a.m.144 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types a...

9.3CVSS1.9AI score0.75071EPSS
Exploits21References5
CISA
CISA
added 2019/08/14 12:0 a.m.139 views

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems: Windows 7 SP1 Windows Server 2008 R2 SP1 Windows Server 2012 Windows 8.1 Windows Server 2012 R2 Windows 10 Windows Server 2016 Windows...

10CVSS3.1AI score0.99999EPSS
Exploits123References5
CISA
CISA
added 2025/03/19 12:0 p.m.138 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-1316link is external Edimax IC-7100 IP Camera OS Command Injection Vulnerability CVE-2024-48248link is external NAKIVO Backup and Replication Absolute Path...

9.8CVSS7.8AI score0.94557EPSS
Exploits7References8
CISA
CISA
added 2019/12/05 12:0 a.m.138 views

Microsoft Releases Security Advisory for Windows Hello for Business

Microsoft has released a Security Advisory to address an issue in Windows Hello for Business WHfB. An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return of Coppersmith’s Attack ROCA, to take control of an affected system. The Cybersecurity and...

4.3CVSS2.7AI score0.09825EPSS
Exploits0References2
CISA
CISA
added 2025/08/12 12:0 p.m.137 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2013-3893link is external Microsoft Internet Explorer Resource Management Errors Vulnerability CVE-2007-0671link is external Microsoft Office Excel Remote Cod...

9.3CVSS8AI score0.8593EPSS
Exploits53References8
CISA
CISA
added 2025/05/05 12:0 p.m.137 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-3248link is external Langflow Missing Authentication Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

9.8CVSS7.3AI score0.9999EPSS
Exploits33References6
CISA
CISA
added 2016/01/19 12:0 a.m.137 views

Linux Kernel Vulnerability

US-CERT is aware of a Linux kernel vulnerability affecting Linux PCs and servers and Android-based devices. Exploitation of this vulnerability may allow an attacker to take control of an affected system. US-CERT recommends that users and administrators review the Redhat Security Blog and the Debi...

7.2CVSS2.9AI score0.03646EPSS
Exploits14References2
CISA
CISA
added 2021/10/12 12:0 a.m.136 views

Apple Releases Security Update to Address CVE-2021-30883

Apple has released a security update to address a vulnerability—CVE-2021-30883—in multiple products. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been detected in exploits in the wild. CISA encourages users to review the Apple security...

9.3CVSS1.2AI score0.14721EPSS
Exploits0References1
CISA
CISA
added 2021/08/21 12:0 a.m.136 views

Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities

Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organizations to identify vulnerable...

10CVSS2.8AI score0.99999EPSS
Exploits18References4
CISA
CISA
added 2021/08/10 12:0 a.m.135 views

Microsoft Releases August 2021 Security Updates

Updated: August 24, 2021 CISA is aware of open source reporting on the active exploitation of CVE-2021-36942 PetitPotam. To address this vulnerability, Microsoft released a patch and mitigation guidance as part of its August 2021 security updates. CISA strongly encourages users and administrators...

5CVSS1.7AI score0.66023EPSS
Exploits4References4
CISA
CISA
added 2015/02/18 12:0 a.m.134 views

ISC Releases Security Updates for BIND

The Internet Systems Consortium ISC has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial of service condition. Updates available include: BIND 9.9.6-P2 BIND 9.10.1-P2 Users and administrators are...

5.4CVSS2.8AI score0.22168EPSS
Exploits0References1
CISA
CISA
added 2021/12/17 12:0 a.m.131 views

CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities

CISA has issued Emergency Directive ED 22-02: Mitigate Apache Log4j Vulnerability, directing federal civilian executive branch FCEB agencies to address Log4j vulnerabilities—most notably, CVE-2021-44228. Although ED 22-02 applies to FCEB agencies, CISA strongly recommends that all organizations...

9.3CVSS2.3AI score0.99999EPSS
Exploits354References4
CISA
CISA
added 2021/12/22 12:0 a.m.130 views

Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

CISA, the Federal Bureau of Investigation FBI, the National Security Agency NSA, and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory in response to multiple vulnerabilities in Apache’s Log4j software library...

9.3CVSS2.2AI score0.99999EPSS
Exploits358References7
CISA
CISA
added 2024/07/09 12:0 p.m.129 views

Citrix Releases Security Updates for Multiple Products

Citrix released security updates to address vulnerabilities in multiple Citrix products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: NetScaler...

9.4CVSS7.3AI score0.21331EPSS
Exploits0References6
CISA
CISA
added 2021/09/13 12:0 a.m.128 views

Apple Releases Security Updates to Address CVE-2021-30858 and CVE-2021-30860

Apple has released security updates to address vulnerabilities—CVE-2021-30858 and CVE-2021-30860—in multiple products. An attacker could exploit these vulnerabilities to take control of an affected device. CISA is aware of public reporting that these vulnerabilities may have been exploited in the...

6.8CVSS2AI score0.75994EPSS
Exploits2References5
CISA
CISA
added 2022/03/15 12:0 a.m.127 views

Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols

CISA and the Federal Bureau of Investigation FBI have released a joint Cybersecurity Advisory that details how Russian state-sponsored cyber actors accessed a network with misconfigured default multifactor authentication MFA protocols. The actors then exploited a critical Windows Print Spooler...

9CVSS3.1AI score0.99759EPSS
Exploits41References5
CISA
CISA
added 2022/05/18 12:0 a.m.126 views

Threat Actors Exploiting F5 BIG IP CVE-2022-1388

CISA and the Multi-State Information Sharing and Analysis Center MS-ISAC have released the joint Cybersecurity Advisory Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 in response to active exploitation of CVE-2022-1388, which affects F5 Networks BIG-IP devices. The vulnerability allows an...

7.5CVSS1.9AI score0.99956EPSS
Exploits63References1
CISA
CISA
added 2020/03/11 12:0 a.m.126 views

Microsoft Server Message Block RCE Vulnerability

Microsoft has released a security advisory to address a remote code execution vulnerability CVE-2020-0796 in Microsoft Server Message Block 3.1.1 SMBv3. A remote attacker can exploit this vulnerability to take control of an affected system. SMB is a network file-sharing protocol that allows clien...

7.5CVSS3.2AI score0.9981EPSS
Exploits125References2
CISA
CISA
added 2021/09/16 12:0 a.m.125 views

FBI-CISA-CGCYBER Advisory on APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

The Federal Bureau of Investigation FBI, CISA, and Coast Guard Cyber Command CGCYBER have released a Joint Cybersecurity Advisory CSA detailing the active exploitation of an authentication bypass vulnerability CVE-2021-40539 in Zoho ManageEngine ADSelfService Plus—a self-service password manageme...

7.5CVSS2.9AI score0.9896EPSS
Exploits8References3
CISA
CISA
added 2021/10/07 12:0 a.m.123 views

Apache Releases HTTP Server version 2.4.51 to Address Vulnerabilities Under Exploitation

On October 7, 2021, the Apache Software Foundation released Apache HTTP Server version 2.4.51 to address Path Traversal and Remote Code Execution vulnerabilities CVE-2021-41773, CVE-2021-42013 in Apache HTTP Server 2.4.49 and 2.4.50. These vulnerabilities have been exploited in the wild. CISA is...

7.5CVSS1.5AI score0.99992EPSS
Exploits175References2
CISA
CISA
added 2020/02/04 12:0 a.m.123 views

IRS Launches “Identity Theft Central” Webpage

The Internal Revenue Service IRS has launched its “Identity Theft Central” webpage to provide 24/7 access to online information regarding tax-related identity theft and data security protection. Tax-related identity theft occurs when someone steals personal information to commit tax fraud. The...

6.7AI score
Exploits0References3
CISA
CISA
added 2021/12/22 12:0 a.m.118 views

Apache Releases Security Update for HTTP Server

The Apache Software Foundation has released Apache HTTP Server 2.4.52. This version addresses vulnerabilities—CVE-2021-44790 and CVE-2021-44224—one of which may allow a remote attacker to take control of an affected system. CISA encourages users and administrators to review the Apache announcemen...

7.5CVSS2.1AI score0.97108EPSS
Exploits4References4
CISA
CISA
added 2022/05/13 12:0 a.m.117 views

CISA Temporarily Removes CVE-2022-26925 from Known Exploited Vulnerability Catalog

CISA is temporarily removing CVE-2022-26925 from its Known Exploited Vulnerability Catalog due to a risk of authentication failures when the May 10, 2022 Microsoft rollup update is applied to domain controllers. After installing May 10, 2022 rollup update on domain controllers, organizations migh...

4.3CVSS2.1AI score0.10461EPSS
Exploits0References2
CISA
CISA
added 2020/03/12 12:0 a.m.117 views

Microsoft Releases Out-of-Band Security Updates for SMB RCE Vulnerability

Microsoft has released out-of-band security updates to address a remote code execution vulnerability CVE-2020-0796 in Microsoft Server Message Block 3.1.1 SMBv3. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security...

7.5CVSS2.8AI score0.9981EPSS
Exploits125References3
CISA
CISA
added 2021/12/10 12:0 a.m.115 views

CISA Adds 13 Known Exploited Vulnerabilities to Catalog

CISA has added 13 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and...

10CVSS0.7AI score0.99999EPSS
Exploits442References16
CISA
CISA
added 2011/09/29 12:0 a.m.115 views

Cisco Releases Security Advisory for Cisco IOS Software Smart Install

Cisco has released a security advisory to address a vulnerability in the Cisco IOS Software Install feature running on Cisco Catalyst Switches. Exploitation of this vulnerability may allow remote code execution by an unauthenticated attacker. US-CERT encourages administrators to review Cisco...

7.7AI score
Exploits0References2
CISA
CISA
added 2021/11/11 12:0 a.m.114 views

VMware Releases Security Advisory

VMware has released a security advisory to address a privilege escalation vulnerability in vCenter Server and Cloud Foundation. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory...

7.1AI score
Exploits0References1
CISA
CISA
added 2014/10/22 12:0 a.m.114 views

Microsoft Releases Advisory for Unpatched Windows Vulnerability

Microsoft has released a security advisory to provide recommended mitigations for an unpatched vulnerability, CVE-2014-6352 which affects all Microsoft Windows releases except Windows Server 2003. This vulnerability could allow an attacker to take control of an affected system if a user opens a...

9.3CVSS3.1AI score0.77553EPSS
Exploits11References2
CISA
CISA
added 2014/10/17 12:0 a.m.114 views

Drupal Releases Security Advisory

Drupal has released a security advisory to address an application program interface API vulnerability CVE-2014-3704 that could allow an attacker to execute arbitrary SQL commands on an affected system. This vulnerability affects all Drupal core 7.x versions prior to 7.32. US-CERT advises users an...

7.5CVSS3.3AI score0.99974EPSS
Exploits20References2
CISA
CISA
added 2026/05/29 12:0 p.m.113 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-0257link is external Palo Alto Networks PAN-OS Authentication Bypass Vulnerability This type of vulnerability is a frequent attack vectors for malicious cybe...

9.1CVSS5.8AI score0.86678EPSS
Exploits11References6
CISA
CISA
added 2020/12/03 12:0 a.m.113 views

VMware Releases Security Updates to Address CVE-2020-4006

VMware has released security updates to address a vulnerability—CVE-2020-4006—in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructur...

9CVSS2.7AI score0.23771EPSS
Exploits0References1
CISA
CISA
added 2020/09/14 12:0 a.m.112 views

Exploit for Netlogon Remote Protocol Vulnerability, CVE-2020-1472

The Cybersecurity and Infrastructure Security Agency CISA is aware of publicly available exploit code for CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive...

9.3CVSS2.7AI score0.99512EPSS
Exploits75References2
CISA
CISA
added 2022/06/23 12:0 a.m.109 views

CISA Releases Cloud Security Technical Reference Architecture

CISA has released its Cloud Security CS Technical Reference Architecture TRA to guide federal civilian departments and agencies in securely migrating to the cloud. Co-authored by CISA, the United States Digital Service, and the Federal Risk and Authorization Management Program, the CS TRA defines...

1.4AI score
Exploits0References3
CISA
CISA
added 2020/01/13 12:0 a.m.108 views

CISA Releases Test for Citrix ADC and Gateway Vulnerability

The Cybersecurity and Infrastructure Security Agency CISA has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller ADC and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability. According to Citrix Security...

7.5CVSS1.9AI score0.99999EPSS
Exploits48References4
CISA
CISA
added 2022/01/28 12:0 a.m.107 views

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types...

10CVSS1.1AI score0.99999EPSS
Exploits171References5
CISA
CISA
added 2021/01/08 12:0 a.m.103 views

MS-ISAC Releases Cybersecurity Advisory on Zyxel Firewalls and AP Controllers

The Multi-State Information Sharing and Analysis Center MS-ISAC has released an advisory on a vulnerability in Zyxel firewalls and AP controllers. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the MS-IS...

10CVSS8.9AI score0.90049EPSS
Exploits2References2
Total number of security vulnerabilities4188