Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
added 2025/03/26 12:0 a.m.40 views

Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability

Sitecore CMS and Experience Platform XP contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN...

8.8CVSS7.7AI score0.14154EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2025/03/10 12:0 a.m.40 views

Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

Ivanti Endpoint Manager EPM contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information...

9.8CVSS7.2AI score0.89829EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2025/01/29 12:0 a.m.40 views

Apple Multiple Products Use-After-Free Vulnerability

Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges...

10CVSS8.2AI score0.18668EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/19 12:0 a.m.40 views

Jenkins Command Line Interface (CLI) Path Traversal Vulnerability

Jenkins Command Line Interface CLI contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution...

9.8CVSS7AI score0.99999EPSS
Exploits46
CISA KEV Catalog
CISA KEV Catalog
added 2024/07/02 12:0 a.m.40 views

Cisco NX-OS Command Injection Vulnerability

Cisco NX-OS contains a command injection vulnerability in the command line interface CLI that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device...

6.7CVSS7.5AI score0.04271EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/03/25 12:0 a.m.40 views

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability

Ivanti Endpoint Manager Cloud Service Appliance EPM CSA contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions nobody...

9.8CVSS8AI score0.99105EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
added 2024/02/15 12:0 a.m.40 views

Microsoft Exchange Server Privilege Escalation Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation...

9.8CVSS7.3AI score0.12661EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/02/06 12:0 a.m.40 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

8.8CVSS8.5AI score0.37987EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2024/01/08 12:0 a.m.40 views

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution...

9.8CVSS7.7AI score0.99988EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2023/09/13 12:0 a.m.40 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability

Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN...

9.1CVSS6.9AI score0.21583EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2023/05/12 12:0 a.m.40 views

Linux Kernel Race Condition Vulnerability

Linux Kernel contains a race condition vulnerability within the nttywrite function that allows local users to cause a denial-of-service DoS or gain privileges via read and write operations with long strings...

6.9CVSS8.2AI score0.22475EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
added 2023/02/27 12:0 a.m.40 views

ZK Framework AuUploader Unspecified Vulnerability

ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to...

7.5CVSS3.3AI score0.95335EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2023/02/14 12:0 a.m.40 views

Microsoft Office Publisher Security Feature Bypass Vulnerability

Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system...

7.3CVSS7.3AI score0.12107EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/08/18 12:0 a.m.40 views

SAP Multiple Products HTTP Request Smuggling Vulnerability

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the...

10CVSS2.2AI score0.97945EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
added 2022/07/01 12:0 a.m.40 views

Microsoft Windows LSA Spoofing Vulnerability

Microsoft Windows Local Security Authority LSA contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM...

8.1CVSS3.5AI score0.10461EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/05/24 12:0 a.m.40 views

Artifex Ghostscript Type Confusion Vulnerability

Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile...

7.8CVSS4.1AI score0.96968EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
added 2022/04/13 12:0 a.m.40 views

Drupal Core Remote Code Execution Vulnerability

A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site...

9.8CVSS6.3AI score0.99236EPSS
Exploits14
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/25 12:0 a.m.40 views

Microsoft Windows Shell Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths...

9.3CVSS3.1AI score0.73968EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/25 12:0 a.m.40 views

D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability

A cross-site scripting XSS vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML...

5.4CVSS3AI score0.33567EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/03 12:0 a.m.40 views

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code...

9CVSS4.3AI score0.42632EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/03 12:0 a.m.40 views

Adobe Reader and Acrobat Use-After-Free Vulnerability

Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution...

10CVSS6.8AI score0.40243EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.40 views

Apache Struts Remote Code Execution Vulnerability

Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution...

10CVSS9.7AI score0.99999EPSS
Exploits44
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.40 views

Microsoft Windows Installer Privilege Escalation Vulnerability

Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files...

7.8CVSS7.6AI score0.07667EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.40 views

Microsoft Remote Desktop Services Remote Code Execution Vulnerability

Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The...

10CVSS9.6AI score0.99999EPSS
Exploits123
CISA KEV Catalog
CISA KEV Catalog
added 2024/11/12 12:0 a.m.39 views

Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions...

8.8CVSS7AI score0.13719EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/02 12:0 a.m.39 views

Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability

Ivanti Endpoint Manager EPM contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code...

9.6CVSS8.3AI score0.99951EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2024/03/07 12:0 a.m.39 views

JetBrains TeamCity Authentication Bypass Vulnerability

JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions...

9.8CVSS7.1AI score0.99938EPSS
Exploits24
CISA KEV Catalog
CISA KEV Catalog
added 2024/01/10 12:0 a.m.39 views

Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability

Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in...

9.1CVSS7.9AI score0.99999EPSS
Exploits23
CISA KEV Catalog
CISA KEV Catalog
added 2023/06/23 12:0 a.m.39 views

Zyxel Multiple NAS Devices Command Injection Vulnerability

Multiple Zyxel network-attached storage NAS devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request...

9.8CVSS8.1AI score0.84195EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2023/03/30 12:0 a.m.39 views

Microsoft Internet Explorer Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website...

9.3CVSS6.7AI score0.70676EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
added 2023/03/30 12:0 a.m.39 views

Arm Mali GPU Kernel Driver Unspecified Vulnerability

Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages...

7.8CVSS7.5AI score0.01226EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2023/02/10 12:0 a.m.39 views

Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability

Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service DoS...

7.8CVSS7.6AI score0.09011EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
added 2022/10/25 12:0 a.m.39 views

Apple iOS and iPadOS Out-of-Bounds Write Vulnerability

Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges...

7.8CVSS4.4AI score0.01136EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/09/08 12:0 a.m.39 views

Android OS Privilege Escalation Vulnerability

The vold volume manager daemon in Android kernel trusts messages from a PFNETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor...

7.8CVSS6.3AI score0.41634EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2022/05/25 12:0 a.m.39 views

Microsoft IME Japanese Privilege Escalation Vulnerability

Microsoft Input Method Editor IME Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default with the default set as disabled. IME Japanese contains an unspecified vulnerability when IMJPDCT.EXE IME for Japanese is installed which allows...

9.3CVSS8.3AI score0.47679EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/04/11 12:0 a.m.39 views

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation...

8.8CVSS8.3AI score0.74265EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
added 2022/04/06 12:0 a.m.39 views

Sudo Heap-Based Buffer Overflow Vulnerability

Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation...

7.8CVSS8AI score0.99295EPSS
Exploits81
CISA KEV Catalog
CISA KEV Catalog
added 2022/04/04 12:0 a.m.39 views

Spring Framework JDK 9+ Remote Code Execution Vulnerability

Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE via data binding...

9.8CVSS3.8AI score0.99677EPSS
Exploits103
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/28 12:0 a.m.39 views

Oracle Fusion Middleware Unspecified Vulnerability

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors...

4.7CVSS6.2AI score0.04664EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/28 12:0 a.m.39 views

Microsoft Office Uninitialized Memory Use Vulnerability

Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document...

9.3CVSS7.2AI score0.35105EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/25 12:0 a.m.39 views

Adobe Flash Player Remote Code Execution Vulnerability

Unspecified vulnerability in Adobe Flash Player allows for remote code execution...

10CVSS3.9AI score0.19903EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/15 12:0 a.m.39 views

Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context...

7.8CVSS2.9AI score0.06886EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/03 12:0 a.m.39 views

Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability

The Dynamic Host Configuration Protocol DHCP relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system...

10CVSS3.4AI score0.13883EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/03 12:0 a.m.39 views

Apache Tomcat Improper Privilege Management Vulnerability

Apache Tomcat treats Apache JServ Protocol AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited...

9.8CVSS2.6AI score0.9927EPSS
Exploits46
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/03 12:0 a.m.39 views

Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability

A vulnerability in the quality of service QoS subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or execute arbitrary code with elevated privileges...

10CVSS5.6AI score0.14468EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/03 12:0 a.m.39 views

Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability

A vulnerability in the Border Gateway Protocol BGP over an Ethernet Virtual Private Network EVPN for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service DoS condition, or potentially corrupt the BGP routing table,...

7.1CVSS3.6AI score0.05347EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/03 12:0 a.m.39 views

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user...

9.3CVSS4AI score0.81454EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
added 2025/08/25 12:0 a.m.38 views

Git Link Following Vulnerability

Git contains a link following vulnerability that stems from Git’s inconsistent handling of carriage return characters in configuration files...

8CVSS6.9AI score0.02775EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
added 2025/02/25 12:0 a.m.38 views

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting XSS vulnerability that allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function...

9CVSS6.1AI score0.77266EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/12/19 12:0 a.m.38 views

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability

BeyondTrust Privileged Remote Access PRA and Remote Support RS contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user...

9.8CVSS7.8AI score0.87991EPSS
Exploits8
Total number of security vulnerabilities1652