Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•38 views

Cisco IOS Software Denial-of-Service Vulnerability

A vulnerability in the Login Enhancements Login Block feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service DoS condition...

7.1CVSS4.5AI score0.05032EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•38 views

Adobe Reader and Acrobat Use-After-Free Vulnerability

Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution...

10CVSS6.8AI score0.40243EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•38 views

Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability

Format string vulnerability in the Link Layer Discovery Protocol LLDP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition or execute arbitrary code with elevated privileges o...

8CVSS4.8AI score0.03547EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•38 views

Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service DoS...

8.6CVSS8.5AI score0.07758EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•38 views

Cisco IOS Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol SNMP subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a craft...

9CVSS3.8AI score0.07158EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•38 views

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user...

9.3CVSS4AI score0.81454EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•38 views

SAP Customer Relationship Management (CRM) Path Traversal Vulnerability

SAP Customer Relationship Management CRM contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users...

6.6CVSS6.3AI score0.28892EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/05 12:0 a.m.•37 views

Langflow Missing Authentication Vulnerability

Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests...

9.8CVSS10AI score0.9999EPSS
Exploits33
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/11 12:0 a.m.•37 views

Microsoft Windows Win32k Use-After-Free Vulnerability

Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally...

7CVSS6.8AI score0.01298EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/12/04 12:0 a.m.•37 views

CyberPanel Incorrect Default Permissions Vulnerability

CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property...

10CVSS7.7AI score0.94798EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2024/10/22 12:0 a.m.•37 views

Microsoft SharePoint Deserialization Vulnerability

Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution...

7.2CVSS8.1AI score0.47826EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/07/17 12:0 a.m.•37 views

SolarWinds Serv-U Path Traversal Vulnerability

SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine...

8.6CVSS6.5AI score0.99614EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2024/05/28 12:0 a.m.•37 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

9.6CVSS7.3AI score0.1002EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2023/12/11 12:0 a.m.•37 views

Unitronics Vision PLC and HMI Insecure Default Password Vulnerability

Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands...

9.8CVSS7.4AI score0.02089EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/11/16 12:0 a.m.•37 views

Oracle Fusion Middleware Unspecified Vulnerability

Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server...

9.8CVSS7AI score0.93168EPSS
Exploits18
CISA KEV Catalog
CISA KEV Catalog
•added 2023/05/01 12:0 a.m.•37 views

Oracle WebLogic Server Unspecified Vulnerability

Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server...

7.5CVSS7.5AI score0.99811EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2023/02/14 12:0 a.m.•37 views

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability

Microsoft Windows Common Log File System CLFS driver contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS8.4AI score0.10853EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/02/14 12:0 a.m.•37 views

Microsoft Windows Graphic Component Privilege Escalation Vulnerability

Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.5AI score0.05563EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/09/22 12:0 a.m.•37 views

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability

Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution...

9.8CVSS9.5AI score0.9994EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/09/08 12:0 a.m.•37 views

D-Link DIR-820L Remote Code Execution Vulnerability

D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution...

9.8CVSS4.4AI score0.81099EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/23 12:0 a.m.•37 views

WebKitGTK Memory Corruption Vulnerability

WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution...

8.8CVSS4.2AI score0.01543EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/11 12:0 a.m.•37 views

Checkbox Survey Deserialization of Untrusted Data Vulnerability

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code...

9.8CVSS5.6AI score0.31946EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/11 12:0 a.m.•37 views

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation...

7.5CVSS8.3AI score0.70207EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•37 views

Debian-specific Redis Server Lua Sandbox Escape Vulnerability

Redis is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution...

10CVSS2.8AI score0.9967EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•37 views

ChakraCore Scripting Engine Type Confusion Vulnerability

The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution...

7.6CVSS2.8AI score0.75339EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•37 views

Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability

There is a buffer overflow vulnerability in the Link Layer Discovery Protocol LLDP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition or execute arbitrary code...

8.8CVSS8.9AI score0.03421EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•37 views

Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability

A vulnerability in the Border Gateway Protocol BGP over an Ethernet Virtual Private Network EVPN for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service DoS condition, or potentially corrupt the BGP routing table,...

7.1CVSS3.6AI score0.05347EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•37 views

Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability

A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 ISR G2 Routers running Cisco IOS could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service...

6.5CVSS5.7AI score0.02171EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•37 views

Cisco IOS Software Resource Management Errors Vulnerability

A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial-of-service DoS condition...

6.3CVSS5AI score0.04729EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/10 12:0 a.m.•37 views

Microsoft SMBv1 Remote Code Execution Vulnerability

The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets...

9.3CVSS8AI score0.9923EPSS
Exploits55
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•37 views

Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability

Cisco IOS XR Distance Vector Multicast Routing Protocol DVMRP incorrectly handles Internet Group Management Protocol IGMP packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash...

8.6CVSS7.3AI score0.03631EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•37 views

Microsoft Office Memory Corruption Vulnerability

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user...

9.3CVSS8.5AI score0.99945EPSS
Exploits33
CISA KEV Catalog
CISA KEV Catalog
•added 2025/04/09 12:0 a.m.•36 views

Linux Kernel Out-of-Bounds Access Vulnerability

Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate system memory, escalate privileges, or execute arbitrary code...

7.8CVSS7.7AI score0.03558EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/10/17 12:0 a.m.•36 views

Veeam Backup and Replication Deserialization Vulnerability

Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution...

9.8CVSS8AI score0.90208EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2024/07/17 12:0 a.m.•36 views

VMware vCenter Server Incorrect Default File Permissions Vulnerability

VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information...

6.5CVSS6.8AI score0.13935EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2023/11/21 12:0 a.m.•36 views

GNU C Library Buffer Overflow Vulnerability

GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBCTUNABLES environment variable, allowing a local attacker to execute code with elevated privileges...

7.8CVSS8AI score0.81422EPSS
Exploits28
CISA KEV Catalog
CISA KEV Catalog
•added 2023/11/13 12:0 a.m.•36 views

Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is...

5.3CVSS7.8AI score0.94205EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/30 12:0 a.m.•36 views

Samba Remote Code Execution Vulnerability

Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it...

10CVSS9.7AI score0.99448EPSS
Exploits24
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/25 12:0 a.m.•36 views

Apache CouchDB Insecure Default Initialization of Resource Vulnerability

Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges...

10CVSS4.7AI score0.9251EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/24 12:0 a.m.•36 views

Microsoft Windows Kernel Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory...

7.8CVSS3AI score0.04196EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/24 12:0 a.m.•36 views

Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability

A vulnerability in the command-line interface CLI parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service DoS condition or potentially execute code...

7.8CVSS7.5AI score0.22583EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/15 12:0 a.m.•36 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...

8.8CVSS8.8AI score0.1372EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/15 12:0 a.m.•36 views

InduSoft Web Studio NTWebServer Directory Traversal Vulnerability

InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution...

9.8CVSS7AI score0.74548EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•36 views

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution...

7.8CVSS4.7AI score0.044EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•36 views

VMware Tanzu Spring Data Commons Property Binder Vulnerability

Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution...

9.8CVSS4.5AI score0.95649EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/15 12:0 a.m.•36 views

Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context...

7.8CVSS2.9AI score0.06886EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/07 12:0 a.m.•36 views

Adobe BlazeDS Information Disclosure Vulnerability

Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure...

6.5CVSS5.9AI score0.90012EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•36 views

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code...

9CVSS4.3AI score0.1055EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•36 views

Microsoft PowerPoint Memory Corruption Vulnerability

Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted Office document...

9.3CVSS7.2AI score0.38497EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•36 views

Microsoft Windows Installer Privilege Escalation Vulnerability

Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.5AI score0.20099EPSS
Exploits0
Total number of security vulnerabilities1652