Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•30 views

Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory...

7.8CVSS2.3AI score0.03444EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•30 views

Microsoft Internet Explorer Use-After-Free Vulnerability

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object...

9.3CVSS6.7AI score0.74096EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/15 12:0 a.m.•30 views

Microsoft Win32k Memory Corruption Vulnerability

The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application...

8.2CVSS6.1AI score0.10929EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•30 views

Microsoft Win32k Privilege Escalation Vulnerability

An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges...

7.8CVSS7.6AI score0.562EPSS
Exploits38
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•30 views

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code...

10CVSS4.6AI score0.96714EPSS
Exploits13
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•30 views

Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability

A vulnerability in the implementation of Internet Key Exchange Version 1 IKEv1 functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service DoS condition...

8.6CVSS5.5AI score0.07331EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/10 12:0 a.m.•30 views

Microsoft SMBv1 Remote Code Execution Vulnerability

The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets...

9.3CVSS8AI score0.8985EPSS
Exploits18
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/04 12:0 a.m.•30 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.6AI score0.55711EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•30 views

Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference

Synacor Zimbra Collaboration Suite ZCS contains an improper restriction of XML external entity XXE vulnerability in the mailboxd component...

9.8CVSS9.6AI score0.99986EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/17 12:0 a.m.•30 views

Microsoft Exchange Server Remote Code Execution Vulnerability

An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution...

8.8CVSS3.9AI score0.90388EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•30 views

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution...

8.8CVSS8.4AI score0.36514EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•30 views

Oracle WebLogic Server Remote Code Execution Vulnerability

Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750...

10CVSS9.2AI score0.99997EPSS
Exploits43
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•30 views

VMware vCenter Server Remote Code Execution Vulnerability

VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system...

10CVSS9.6AI score0.9957EPSS
Exploits47
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•30 views

IBM Data Risk Manager Security Bypass Vulnerability

IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication proces...

9.8CVSS9.1AI score0.70031EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/27 12:0 a.m.•29 views

Daemon Tools Lite Embedded Malicious Code Vulnerability

Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability...

9.8CVSS5.8AI score0.01456EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/13 12:0 a.m.•29 views

Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability

Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium,...

8.8CVSS6.6AI score0.02EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/07/22 12:0 a.m.•29 views

CrushFTP Unprotected Alternate Channel Vulnerability

CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS...

9.8CVSS7.5AI score0.92034EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/15 12:0 a.m.•29 views

SAP NetWeaver Deserialization Vulnerability

SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content...

9.1CVSS7.1AI score0.12522EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/18 12:0 a.m.•29 views

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests...

8.1CVSS7.8AI score0.03092EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/11 12:0 a.m.•29 views

Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability

Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges...

7.8CVSS7.3AI score0.01537EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/09/17 12:0 a.m.•29 views

Adobe Flash Player Double Free Vulnerablity

Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code...

10CVSS7.6AI score0.24204EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2024/09/16 12:0 a.m.•29 views

Progress WhatsUp Gold SQL Injection Vulnerability

Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user...

9.8CVSS8.4AI score0.94661EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2024/07/09 12:0 a.m.•29 views

Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability

Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request...

9.8CVSS7.3AI score0.99485EPSS
Exploits20
CISA KEV Catalog
CISA KEV Catalog
•added 2024/05/20 12:0 a.m.•29 views

NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability

NextGen Healthcare Mirth Connect contains a deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution via a specially crafted request...

9.8CVSS8.3AI score0.82708EPSS
Exploits21
CISA KEV Catalog
CISA KEV Catalog
•added 2024/01/31 12:0 a.m.•29 views

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use TOCTOU memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication...

7CVSS8.2AI score0.00487EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/10/24 12:0 a.m.•29 views

Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability

Cisco AnyConnect Secure Mobility Client for Windows interprocess communication IPC channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privilege...

7.8CVSS3.6AI score0.10049EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•29 views

Oracle JRE Unspecified Vulnerability

Unspecified vulnerability in the Java Runtime Environment JRE in Java SE component allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors...

9.8CVSS6.3AI score0.96319EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/15 12:0 a.m.•29 views

VMware Multiple Products Privilege Escalation Vulnerability

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts...

7.8CVSS3.4AI score0.37171EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/31 12:0 a.m.•29 views

Microsoft Windows User Profile Service Privilege Escalation Vulnerability

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.2AI score0.14393EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•29 views

Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability

Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service DoS or possibly execute malicious code via a crafted web site...

9.3CVSS8.2AI score0.69021EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•29 views

Sitecore XP Remote Command Execution Vulnerability

Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution...

10CVSS4.3AI score0.97904EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•29 views

Drupal Core Remote Code Execution Vulnerability

In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases...

8.1CVSS3.5AI score0.92017EPSS
Exploits22
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•29 views

OpenSMTPD Remote Code Execution Vulnerability

smtpmailaddr in smtpsession.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session...

10CVSS7.5AI score0.98946EPSS
Exploits27
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•29 views

Exim Heap-Based Buffer Overflow Vulnerability

Heap-based buffer overflow in the stringvformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session...

9.8CVSS9.8AI score0.71901EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•29 views

Adobe Reader and Acrobat Memory Corruption Vulnerability

Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service...

10CVSS7.5AI score0.78581EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•29 views

Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability

A vulnerability in the Internet Key Exchange Version 2 IKEv2 module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service...

7.8CVSS5.3AI score0.07128EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•29 views

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

The Java Runtime Environment JRE component in Oracle Java SE allow for remote code execution...

10CVSS5.1AI score0.98536EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/15 12:0 a.m.•29 views

Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution...

10CVSS4.2AI score0.99199EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/15 12:0 a.m.•29 views

Microsoft Word Memory Corruption Vulnerability

Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution...

9.3CVSS9.3AI score0.7746EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2021/12/15 12:0 a.m.•29 views

Google Chromium V8 Use-After-Free Vulnerability

Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...

8.8CVSS8.7AI score0.07836EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•29 views

Google Chromium Intents Improper Input Validation Vulnerability

Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

6.1CVSS7.2AI score0.04485EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•29 views

Exim Buffer Overflow Vulnerability

Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution...

9.8CVSS9.7AI score0.82238EPSS
Exploits19
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•29 views

SonicWall SSLVPN SMA100 SQL Injection Vulnerability

SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker...

9.8CVSS9.9AI score0.40038EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•29 views

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain...

7.8CVSS8.8AI score0.99946EPSS
Exploits30
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•29 views

Microsoft Windows Kernel Privilege Escalation Vulnerability

Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.8AI score0.05387EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•29 views

Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability

Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands...

8CVSS8.3AI score0.98617EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•29 views

Trend Micro Multiple Products Improper Input Validation Vulnerability

Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files...

8.8CVSS8.4AI score0.04951EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/07/07 12:0 a.m.•28 views

Adobe ColdFusion Path Traversal Vulnerability

Adobe ColdFusion contains a path traversal vulnerability that could lead to arbitrary code execution in the context of the current user...

10CVSS7.9AI score0.28583EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/05 12:0 a.m.•28 views

Apple iOS and iPadOS Use-After-Free Vulnerability

Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges...

7.8CVSS6.2AI score0.0141EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2025/07/14 12:0 a.m.•28 views

Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability

Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default...

10CVSS8.5AI score0.95343EPSS
Exploits23
Total number of security vulnerabilities1652