Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2022/10/24 12:0 a.m.•31 views

Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability

Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and oth...

6.5CVSS2.9AI score0.28307EPSS
Exploits15
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•31 views

Adobe Acrobat and Reader Double Free Vulnerability

Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution...

8.8CVSS3.1AI score0.36365EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•31 views

Microsoft Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications...

6.5CVSS2.6AI score0.58023EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/24 12:0 a.m.•31 views

Microsoft Windows SMBv1 Information Disclosure Vulnerability

The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet...

7.5CVSS4.2AI score0.99693EPSS
Exploits22
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/14 12:0 a.m.•31 views

VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability

VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection...

10CVSS4.7AI score0.99997EPSS
Exploits25
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•31 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...

8.8CVSS8.8AI score0.24237EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•31 views

D-Link DIR-610 Devices Remote Command Execution

D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php...

8.8CVSS5.8AI score0.21338EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/07 12:0 a.m.•31 views

Adobe ColdFusion Information Disclosure Vulnerability

Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server...

7.5CVSS1.9AI score0.65867EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•31 views

Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability

A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN ISM-VPN running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-service DoS condition...

7.8CVSS4.4AI score0.07209EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•31 views

Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator...

7.8CVSS3.1AI score0.37164EPSS
Exploits14
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•31 views

Microsoft Win32k Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP...

7.8CVSS3AI score0.73856EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•31 views

vBulletin PHP Module Remote Code Execution Vulnerability

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...

9.8CVSS9.6AI score0.99728EPSS
Exploits27
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•31 views

Android Kernel Out-of-Bounds Write Vulnerability

Android Kernel bindertransaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0069 under exploit chain "AbstractEmu."...

7.8CVSS7.1AI score0.03246EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•31 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode...

7.8CVSS7.6AI score0.52778EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•31 views

Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability

Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user...

8.8CVSS9AI score0.8621EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•31 views

Adobe Flash Player Use-After-Free Vulnerability

Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution...

7.8CVSS8.8AI score0.89532EPSS
Exploits19
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•31 views

Apache Shiro Code Execution Vulnerability

Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature...

9.8CVSS8.3AI score0.93039EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•31 views

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution...

9.8CVSS9.4AI score0.99999EPSS
Exploits48
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•31 views

Liferay Portal Deserialization of Untrusted Data Vulnerability

Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services...

9.8CVSS9.2AI score0.99766EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•31 views

Microsoft .NET Framework Remote Code Execution Vulnerability

Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system...

9.3CVSS8AI score0.88698EPSS
Exploits14
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/16 12:0 a.m.•30 views

TP-Link Multiple Routers Command Injection Vulnerability

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

8.8CVSS8.9AI score0.41874EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/14 12:0 a.m.•30 views

Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability

Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests...

9.8CVSS8.4AI score0.31974EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/10 12:0 a.m.•30 views

Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

Ivanti Endpoint Manager EPM contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information...

9.8CVSS7.2AI score0.99835EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/01/24 12:0 a.m.•30 views

SonicWall SMA1000 Appliances Deserialization Vulnerability

SonicWall SMA1000 Appliance Management Console AMC and Central Management Console CMC contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands...

9.8CVSS7.8AI score0.23432EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/11/04 12:0 a.m.•30 views

PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference IDOR vulnerability that allows a remote, attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root...

9.1CVSS8.4AI score0.81973EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2023/06/29 12:0 a.m.•30 views

Samsung Mobile Devices Out-of-Bounds Read Vulnerability

Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in setskbpriv, leading to remote code execution by dereference of an invalid function pointer...

7.8CVSS8AI score0.00597EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/30 12:0 a.m.•30 views

Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability

Fortra Cobalt Strike contains a cross-site scripting XSS vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely...

6.1CVSS5.8AI score0.46446EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/10 12:0 a.m.•30 views

Plex Media Server Remote Code Execution Vulnerability

Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it...

7.2CVSS5.7AI score0.72936EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/09/15 12:0 a.m.•30 views

Linux Kernel Integer Overflow Vulnerability

Linux kernel fbmmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation...

7.8CVSS6.4AI score0.03373EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•30 views

Google Chromium V8 Out-of-Bounds Memory Vulnerability

Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limit...

8.8CVSS8.3AI score0.34703EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•30 views

Microsoft Internet Explorer Privilege Escalation Vulnerability

Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site...

8.8CVSS6.5AI score0.40289EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/25 12:0 a.m.•30 views

Microsoft Windows User Profile Service Privilege Escalation Vulnerability

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation...

7CVSS3.8AI score0.09817EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•30 views

Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory...

7.8CVSS2.3AI score0.03444EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•30 views

Microsoft Internet Explorer Use-After-Free Vulnerability

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object...

9.3CVSS6.7AI score0.74096EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•30 views

Oracle Java SE Unspecified Vulnerability

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to 2D...

10CVSS7.1AI score0.98704EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•30 views

Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability

A vulnerability in the implementation of Internet Key Exchange Version 1 IKEv1 functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service DoS condition...

8.6CVSS5.5AI score0.07331EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•30 views

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code...

10CVSS4.6AI score0.96714EPSS
Exploits13
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•30 views

Microsoft Win32k Privilege Escalation Vulnerability

An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges...

7.8CVSS7.6AI score0.562EPSS
Exploits38
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/10 12:0 a.m.•30 views

Microsoft SMBv1 Remote Code Execution Vulnerability

The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets...

9.3CVSS8AI score0.8985EPSS
Exploits18
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/17 12:0 a.m.•30 views

Microsoft Exchange Server Remote Code Execution Vulnerability

An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution...

8.8CVSS3.9AI score0.90388EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•30 views

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution...

8.8CVSS8.4AI score0.36514EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•30 views

IBM Data Risk Manager Security Bypass Vulnerability

IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication proces...

9.8CVSS9.1AI score0.70031EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•30 views

VMware vCenter Server Remote Code Execution Vulnerability

VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system...

10CVSS9.6AI score0.9957EPSS
Exploits47
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•30 views

Oracle WebLogic Server Remote Code Execution Vulnerability

Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750...

10CVSS9.2AI score0.99997EPSS
Exploits43
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/27 12:0 a.m.•29 views

Daemon Tools Lite Embedded Malicious Code Vulnerability

Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability...

9.8CVSS5.8AI score0.01456EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/07/22 12:0 a.m.•29 views

CrushFTP Unprotected Alternate Channel Vulnerability

CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS...

9.8CVSS7.5AI score0.92034EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/15 12:0 a.m.•29 views

SAP NetWeaver Deserialization Vulnerability

SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content...

9.1CVSS7.1AI score0.12522EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/19 12:0 a.m.•29 views

SAP NetWeaver Directory Traversal Vulnerability

SAP NetWeaver Application Server AS Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. dot dot in the query string...

7.5CVSS6.9AI score0.94557EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/11 12:0 a.m.•29 views

Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability

Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges...

7.8CVSS7.3AI score0.01537EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/01/14 12:0 a.m.•29 views

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module...

9.8CVSS9.9AI score0.98259EPSS
Exploits9
Total number of security vulnerabilities1652