Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•46 views

SAP NetWeaver XML External Entity (XXE) Vulnerability

SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity XXE attacks...

6.5CVSS6.2AI score0.23805EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•46 views

vBulletin PHP Module Remote Code Execution Vulnerability

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. This CVE ID resolves an incomplete patch for CVE-2019-16759...

9.8CVSS9.5AI score0.99728EPSS
Exploits28
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•46 views

Apple Multiple Products Type Confusion Vulnerability

Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges...

9.3CVSS7.5AI score0.10337EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•46 views

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution...

10CVSS9.2AI score0.63304EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/07/28 12:0 a.m.•45 views

PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability

PaperCut NG/MF contains a cross-site request forgery CSRF vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code...

8.8CVSS8.9AI score0.29246EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/11 12:0 a.m.•45 views

Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability

Microsoft Windows New Technology File System NTFS contains an out-of-bounds read vulnerability that allows an authorized attacker to disclose information locally...

5.5CVSS6.4AI score0.01852EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/11 12:0 a.m.•45 views

Microsoft Windows Storage Link Following Vulnerability

Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable...

7.1CVSS6.7AI score0.02258EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/09/18 12:0 a.m.•45 views

Oracle ADF Faces Deserialization of Untrusted Data Vulnerability

Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution...

9.8CVSS9.7AI score0.62478EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/04/04 12:0 a.m.•45 views

Android Pixel Information Disclosure Vulnerability

Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices...

5.5CVSS6.7AI score0.00482EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/02/02 12:0 a.m.•45 views

Multiple SugarCRM Products Remote Code Execution Vulnerability

Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates...

8.8CVSS8.9AI score0.80274EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2023/01/23 12:0 a.m.•45 views

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability

Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario...

9.8CVSS2.6AI score0.99753EPSS
Exploits15
CISA KEV Catalog
CISA KEV Catalog
•added 2022/12/29 12:0 a.m.•45 views

TIBCO JasperReports Server Information Disclosure Vulnerability

TIBCO JasperReports Server contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files...

8.8CVSS2.5AI score0.48753EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/09/08 12:0 a.m.•45 views

QNAP Photo Station Externally Controlled Reference Vulnerability

Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign...

10CVSS2.9AI score0.87908EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/24 12:0 a.m.•45 views

Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability

The Graphics Device Interface GDI in Microsoft Windows allows local users to gain privileges via a crafted application...

7.8CVSS6.7AI score0.11022EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/23 12:0 a.m.•45 views

Microsoft Win32k Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system...

7.8CVSS3.6AI score0.03023EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•45 views

Jenkins Matrix Project Plugin Remote Code Execution Vulnerability

Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution...

9.9CVSS5.2AI score0.75594EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•45 views

NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability

The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution...

10CVSS5AI score0.8345EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•45 views

Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial-of-service DoS condition...

7.8CVSS4.1AI score0.08302EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•45 views

Microsoft Office Memory Corruption Vulnerability

Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document...

9.3CVSS7.3AI score0.53213EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/10 12:0 a.m.•45 views

Apple OS X Authentication Bypass Vulnerability

The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges...

7.8CVSS6.7AI score0.09887EPSS
Exploits16
CISA KEV Catalog
CISA KEV Catalog
•added 2021/12/01 12:0 a.m.•45 views

MikroTik Router OS Directory Traversal Vulnerability

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface...

9.1CVSS5.7AI score0.96087EPSS
Exploits23
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•45 views

IBM Planning Analytics Remote Code Execution Vulnerability

IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting...

10CVSS9.1AI score0.86441EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•45 views

Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability

Microsoft Windows Error Reporting WER contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode...

7.8CVSS7.8AI score0.05207EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/13 12:0 a.m.•44 views

Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability

Microsoft Windows Common Log File System CLFS Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally...

7.8CVSS6.9AI score0.01291EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/01/14 12:0 a.m.•44 views

Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability

Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges...

7.8CVSS6.8AI score0.01363EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/10/23 12:0 a.m.•44 views

Fortinet FortiManager Missing Authentication Vulnerability

Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests...

9.8CVSS8.3AI score0.94761EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2024/08/21 12:0 a.m.•44 views

Microsoft Exchange Server Information Disclosure Vulnerability

Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution...

7.2CVSS7.4AI score0.4638EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2024/07/15 12:0 a.m.•44 views

OSGeo GeoServer GeoTools Eval Injection Vulnerability

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input...

9.8CVSS8.2AI score0.99813EPSS
Exploits25
CISA KEV Catalog
CISA KEV Catalog
•added 2024/02/29 12:0 a.m.•44 views

Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability

Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges...

8.4CVSS7.2AI score0.22133EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2023/11/13 12:0 a.m.•44 views

Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability

Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment variable. Using a crafted request, which sets the variable PHPRC, an attacker is able to modify the P...

9.8CVSS7.6AI score0.93546EPSS
Exploits25
CISA KEV Catalog
CISA KEV Catalog
•added 2023/10/04 12:0 a.m.•44 views

Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability

Microsoft Windows Cryptographic Next Generation CNG Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges...

7CVSS7.1AI score0.01872EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/09/12 12:0 a.m.•44 views

Microsoft Streaming Service Proxy Privilege Escalation Vulnerability

Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7AI score0.261EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/30 12:0 a.m.•44 views

Arm Mali GPU Kernel Driver Use-After-Free Vulnerability

Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information...

8.8CVSS8.8AI score0.12588EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•44 views

Adobe Flash Player Integer Overflow Vulnerability

Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments...

9.3CVSS7.1AI score0.21194EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/04 12:0 a.m.•44 views

Apple macOS Out-of-Bounds Read Vulnerability

macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory...

5.5CVSS3.2AI score0.01132EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/31 12:0 a.m.•44 views

Sophos Firewall Authentication Bypass Vulnerability

An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution...

9.8CVSS3.7AI score0.99796EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•44 views

Cisco VPN Routers Remote Code Execution Vulnerability

A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system...

10CVSS7.4AI score0.55409EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•44 views

Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability

A vulnerability in the Virtual Private LAN Service VPLS code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of service...

6.5CVSS3.5AI score0.02034EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/15 12:0 a.m.•44 views

Google Chromium Animation Use-After-Free Vulnerability

Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...

8.8CVSS8.9AI score0.23546EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/28 12:0 a.m.•44 views

Microsoft Internet Explorer Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user...

10CVSS6.7AI score0.88013EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/28 12:0 a.m.•44 views

Grandstream Networks UCM6200 Series SQL Injection Vulnerability

Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root...

10CVSS3AI score0.83926EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2024/09/18 12:0 a.m.•43 views

Oracle WebLogic Server Remote Code Execution Vulnerability

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution...

9.8CVSS7.5AI score0.94465EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/08/07 12:0 a.m.•43 views

Apache OFBiz Path Traversal Vulnerability

Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution...

9.8CVSS8.2AI score0.99426EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2024/06/26 12:0 a.m.•43 views

Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

Roundcube Webmail contains a cross-site scripting XSS vulnerability that allows a remote attacker to manipulate data via a malicious XML attachment...

6.3CVSS6AI score0.76596EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2024/05/14 12:0 a.m.•43 views

Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability

Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass...

8.8CVSS7.3AI score0.03939EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/05/13 12:0 a.m.•43 views

Google Chromium Visuals Use-After-Free Vulnerability

Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

9.6CVSS7.2AI score0.08348EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/05/26 12:0 a.m.•43 views

Barracuda Networks ESG Appliance Improper Input Validation Vulnerability

Barracuda Email Security Gateway ESG appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection...

9.8CVSS7.6AI score0.86956EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/30 12:0 a.m.•43 views

Linux Kernel Use-After-Free Vulnerability

Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user...

7.9CVSS8AI score0.03702EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•43 views

Adobe Acrobat and Reader Unspecified Vulnerability

Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times...

9.3CVSS4AI score0.36844EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/24 12:0 a.m.•43 views

Microsoft Internet Explorer Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information...

8.8CVSS4.1AI score0.19522EPSS
Exploits0
Total number of security vulnerabilities1652