Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•37 views

Microsoft Office Memory Corruption Vulnerability

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user...

9.3CVSS8.5AI score0.99945EPSS
Exploits33
CISA KEV Catalog
CISA KEV Catalog
•added 2025/04/09 12:0 a.m.•36 views

Linux Kernel Out-of-Bounds Access Vulnerability

Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate system memory, escalate privileges, or execute arbitrary code...

7.8CVSS7.7AI score0.03558EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/10/17 12:0 a.m.•36 views

Veeam Backup and Replication Deserialization Vulnerability

Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution...

9.8CVSS8AI score0.90208EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2024/07/17 12:0 a.m.•36 views

VMware vCenter Server Incorrect Default File Permissions Vulnerability

VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information...

6.5CVSS6.8AI score0.13935EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2024/06/03 12:0 a.m.•36 views

Oracle WebLogic Server OS Command Injection Vulnerability

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document...

7.4CVSS7.6AI score0.96281EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2023/11/21 12:0 a.m.•36 views

GNU C Library Buffer Overflow Vulnerability

GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBCTUNABLES environment variable, allowing a local attacker to execute code with elevated privileges...

7.8CVSS8AI score0.81422EPSS
Exploits28
CISA KEV Catalog
CISA KEV Catalog
•added 2023/11/13 12:0 a.m.•36 views

Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is...

5.3CVSS7.8AI score0.94205EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/30 12:0 a.m.•36 views

Samba Remote Code Execution Vulnerability

Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it...

10CVSS9.7AI score0.99448EPSS
Exploits24
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/25 12:0 a.m.•36 views

Apache CouchDB Insecure Default Initialization of Resource Vulnerability

Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges...

10CVSS4.7AI score0.9251EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•36 views

QNAP Photo Station Improper Access Control Vulnerability

QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system...

9.8CVSS6.9AI score0.88213EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•36 views

Microsoft Internet Explorer Privilege Escalation Vulnerability

Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site...

8.8CVSS6.5AI score0.40289EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/24 12:0 a.m.•36 views

Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability

A vulnerability in the command-line interface CLI parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service DoS condition or potentially execute code...

7.8CVSS7.5AI score0.22583EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/24 12:0 a.m.•36 views

Microsoft Windows Kernel Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory...

7.8CVSS3AI score0.04196EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/15 12:0 a.m.•36 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...

8.8CVSS8.8AI score0.1372EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/15 12:0 a.m.•36 views

InduSoft Web Studio NTWebServer Directory Traversal Vulnerability

InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution...

9.8CVSS7AI score0.74548EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•36 views

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution...

7.8CVSS4.7AI score0.044EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•36 views

Microsoft PowerPoint Memory Corruption Vulnerability

Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted Office document...

9.3CVSS7.2AI score0.38497EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•36 views

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code...

9CVSS4.3AI score0.1055EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/28 12:0 a.m.•36 views

Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability

Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges...

7.8CVSS3.8AI score0.42524EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•36 views

VMware vCenter Server Improper Access Control

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization...

5.3CVSS2.3AI score0.49177EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•36 views

Microsoft Exchange Server Privilege Escalation Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation...

9.8CVSS8.5AI score0.99987EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•36 views

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability

Microsoft Windows Common Log File System CLFS driver contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.5AI score0.03229EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•36 views

SAP NetWeaver Remote Code Execution Vulnerability

SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request...

10CVSS9.5AI score0.1745EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•36 views

GitLab Community and Enterprise Editions Remote Code Execution Vulnerability

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files...

10CVSS9.4AI score0.99731EPSS
Exploits30
CISA KEV Catalog
CISA KEV Catalog
•added 2025/11/12 12:0 a.m.•35 views

Microsoft Windows Race Condition Vulnerability

Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could enable the attacker to gain SYSTEM-level access...

7CVSS6.8AI score0.06073EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/01 12:0 a.m.•35 views

Apache HTTP Server Improper Escaping of Output Vulnerability

Apache HTTP Server contains an improper escaping of output vulnerability in modrewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code...

9.1CVSS7.4AI score0.99957EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/04/17 12:0 a.m.•35 views

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file...

9.8CVSS7.3AI score0.1966EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/18 12:0 a.m.•35 views

tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability

tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading Github Actions Workflow Logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens PATs, npm...

8.6CVSS8.6AI score0.41008EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/12 12:0 a.m.•35 views

Apple iOS and iPadOS Incorrect Authorization Vulnerability

Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device...

6.1CVSS6AI score0.04371EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/11/07 12:0 a.m.•35 views

Android Framework Privilege Escalation Vulnerability

Android Framework contains an unspecified vulnerability that allows for privilege escalation...

7.3CVSS7.3AI score0.00714EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/09/13 12:0 a.m.•35 views

Ivanti Cloud Services Appliance OS Command Injection Vulnerability

Ivanti Cloud Services Appliance CSA contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS...

7.2CVSS7.5AI score0.88955EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2024/07/30 12:0 a.m.•35 views

VMware ESXi Authentication Bypass Vulnerability

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory AD permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group 'ESXi Admins' by default after it...

7.2CVSS7.4AI score0.2677EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/06/26 12:0 a.m.•35 views

OSGeo GeoServer JAI-EXT Code Injection Vulnerability

OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution...

10CVSS9.7AI score0.98739EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/05/20 12:0 a.m.•35 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page...

9.6CVSS7.4AI score0.15111EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2024/05/01 12:0 a.m.•35 views

GitLab Community and Enterprise Editions Improper Access Control Vulnerability

GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover...

10CVSS7.2AI score0.94955EPSS
Exploits16
CISA KEV Catalog
CISA KEV Catalog
•added 2023/11/08 12:0 a.m.•35 views

Service Location Protocol (SLP) Denial-of-Service Vulnerability

The Service Location Protocol SLP contains a denial-of-service DoS vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service DoS attack with a significant amplification factor...

7.5CVSS7.3AI score0.65873EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2023/09/19 12:0 a.m.•35 views

MinIO Security Feature Bypass Vulnerability

MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket to conduct privilege escalation. To carry out this attack, the attacker requires...

8.8CVSS6.9AI score0.06736EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•35 views

Microsoft Windows Privilege Escalation Vulnerability

Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application...

7.3CVSS5.9AI score0.84138EPSS
Exploits13
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•35 views

Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability

The Graphics Device Interface GDI in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges...

7.8CVSS5.2AI score0.03114EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•35 views

Pi-Hole AdminLTE Remote Code Execution Vulnerability

Pi-hole Web v4.3.2 aka AdminLTE allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease...

9.1CVSS7.1AI score0.7819EPSS
Exploits13
CISA KEV Catalog
CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•35 views

Apache Log4j2 Remote Code Execution Vulnerability

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution...

10CVSS4.1AI score0.99999EPSS
Exploits355
CISA KEV Catalog
CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•35 views

Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability

Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution...

9.8CVSS3.8AI score0.76526EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•35 views

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front...

7.8CVSS8AI score0.22178EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•35 views

Microsoft Office and WordPad Remote Code Execution Vulnerability

Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution...

9.3CVSS8.1AI score0.99933EPSS
Exploits29
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•35 views

Apache HTTP Server Privilege Escalation Vulnerability

Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute code with the privileges of the parent process usually root by manipulating the scoreboard...

7.8CVSS7.8AI score0.65005EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•35 views

Docker Desktop Community Edition Privilege Escalation Vulnerability

Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin...

9.3CVSS7.2AI score0.29628EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/03 12:0 a.m.•34 views

Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability

Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie...

9.8CVSS6.4AI score0.27546EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/09/03 12:0 a.m.•34 views

TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability

TP-Link Archer C7EU and TL-WR841N/NDMS contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

8.6CVSS7.7AI score0.11747EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/04/07 12:0 a.m.•34 views

CrushFTP Authentication Bypass Vulnerability

CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account e.g., crushadmin, potentially leading to a full compromise...

9.8CVSS7.6AI score0.99947EPSS
Exploits18
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/03 12:0 a.m.•34 views

Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability

Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode...

8.4CVSS6.9AI score0.22349EPSS
Exploits0
Total number of security vulnerabilities1652