Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/23 12:0 a.m.•28 views

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution...

9.3CVSS4AI score0.14721EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/13 12:0 a.m.•28 views

Microsoft Windows CLFS Driver Privilege Escalation Vulnerability

Microsoft Windows Common Log File System CLFS Driver contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS4AI score0.07304EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/11 12:0 a.m.•28 views

Google Pixel Out-of-Bounds Write Vulnerability

Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege...

7.8CVSS3.1AI score0.00732EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•28 views

Drupal Core Remote Code Execution Vulnerability

In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases...

8.1CVSS3.5AI score0.92017EPSS
Exploits22
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•28 views

Oracle Java SE Integrity Check Vulnerability

Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment...

5.3CVSS6.6AI score0.13354EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•28 views

Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability

A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol PN-DCP for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service...

7.8CVSS4.5AI score0.07128EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/15 12:0 a.m.•28 views

Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution...

10CVSS4.2AI score0.99199EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/10 12:0 a.m.•28 views

Oracle Corporation WebLogic Server Remote Code Execution Vulnerability

Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution...

7.5CVSS3.7AI score0.99993EPSS
Exploits45
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/04 12:0 a.m.•28 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.6AI score0.55711EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•28 views

SAP NetWeaver Missing Authentication for Critical Function Vulnerability

SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users...

10CVSS9.4AI score0.94719EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•28 views

Microsoft Exchange Server Security Feature Bypass Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass...

6.6CVSS8.1AI score0.99782EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/13 12:0 a.m.•27 views

Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability

Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium,...

8.8CVSS6.6AI score0.02EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/07 12:0 a.m.•27 views

GeoVision Devices OS Command Injection Vulnerability

Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

9.8CVSS9.9AI score0.28554EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/24 12:0 a.m.•27 views

reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability

reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs...

8.6CVSS7.4AI score0.02296EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/24 12:0 a.m.•27 views

Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability

Oracle Agile Product Lifecycle Management PLM contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system...

8.8CVSS6.5AI score0.03405EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/11/14 12:0 a.m.•27 views

Palo Alto Networks Expedition SQL Injection Vulnerability

Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the...

9.2CVSS8AI score0.99609EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2024/09/03 12:0 a.m.•27 views

Draytek VigorConnect Path Traversal Vulnerability

Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8CVSS6.9AI score0.74279EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/06/13 12:0 a.m.•27 views

Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability

Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access...

9.8CVSS7AI score0.97482EPSS
Exploits14
CISA KEV Catalog
CISA KEV Catalog
•added 2023/06/29 12:0 a.m.•27 views

D-Link DIR-859 Router Command Execution Vulnerability

D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local...

10CVSS7.6AI score0.89624EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2023/04/21 12:0 a.m.•27 views

MinIO Information Disclosure Vulnerability

MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure...

7.5CVSS6.9AI score0.83957EPSS
Exploits13
CISA KEV Catalog
CISA KEV Catalog
•added 2023/04/17 12:0 a.m.•27 views

Apple macOS Use-After-Free Vulnerability

Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation...

7.8CVSS8.1AI score0.00701EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/04/07 12:0 a.m.•27 views

Veritas Backup Exec Agent Command Execution Vulnerability

Veritas Backup Exec BE Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine...

9CVSS9.2AI score0.23952EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/10/20 12:0 a.m.•27 views

Linux Kernel Privilege Escalation Vulnerability

The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation...

8.8CVSS3.5AI score0.43988EPSS
Exploits27
CISA KEV Catalog
CISA KEV Catalog
•added 2022/09/15 12:0 a.m.•27 views

Linux Kernel Privilege Escalation Vulnerability

Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perfsweventenabled array in swperfeventdestroy. Explotation allows for privilege escalation...

8.4CVSS4.1AI score0.47709EPSS
Exploits15
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/25 12:0 a.m.•27 views

dotCMS Unrestricted Upload of File Vulnerability

dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution...

9.8CVSS4.9AI score0.91501EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•27 views

Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability

The Universal 3D U3D component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service DoS...

10CVSS9.7AI score0.86238EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•27 views

QNAP Photo Station Path Traversal Vulnerability

QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files...

9.8CVSS5AI score0.82966EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•27 views

Microsoft Win32k Privilege Escalation Vulnerability

Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service DoS...

8.8CVSS6.4AI score0.14958EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/24 12:0 a.m.•27 views

Kaseya VSA SQL Injection Vulnerability

ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database...

9.8CVSS3.7AI score0.86706EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•27 views

Microsoft Windows Event Tracing Privilege Escalation Vulnerability

Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation...

7.8CVSS3.9AI score0.07428EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•27 views

Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint...

5.3CVSS6.1AI score0.99937EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•27 views

Elasticsearch Remote Code Execution Vulnerability

Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code...

8.1CVSS7.1AI score0.88559EPSS
Exploits17
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•27 views

Exim Privilege Escalation Vulnerability

Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands...

7.8CVSS8.9AI score0.17794EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/15 12:0 a.m.•27 views

Microsoft Windows Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context...

7.8CVSS3.4AI score0.04679EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/07 12:0 a.m.•27 views

VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability

VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure...

5.3CVSS2.9AI score0.88012EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•27 views

Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability

An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution...

10CVSS5.8AI score0.25469EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•27 views

Adobe Flash Player Arbitrary Code Execution Vulnerability

Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content...

9.3CVSS7.9AI score0.70384EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/22 12:0 a.m.•27 views

Zabbix Frontend Authentication Bypass Vulnerability

Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML...

9.8CVSS3.9AI score0.95683EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/15 12:0 a.m.•27 views

Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"...

7.6CVSS2.9AI score0.87639EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/10 12:0 a.m.•27 views

Apache Struts 1 Improper Input Validation Vulnerability

The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...

9.8CVSS4.1AI score0.98931EPSS
Exploits19
CISA KEV Catalog
CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•27 views

Fortinet FortiOS Arbitrary File Download

Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files...

7.8CVSS3.9AI score0.00873EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•27 views

Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability

Arm Mali Graphics Processing Unit GPU kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, and/or disclose information...

9CVSS8.3AI score0.12084EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•27 views

Google Chrome FreeType Heap Buffer Overflow Vulnerability

Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function LoadSBitPng when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and...

9.6CVSS8AI score0.5063EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•27 views

Microsoft MSHTML Remote Code Execution Vulnerability

Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution...

8.8CVSS8AI score0.96843EPSS
Exploits38
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•27 views

Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability

Zoho ManageEngine ServiceDesk Plus SDP contains an unspecified vulnerability that allows remote users to upload files via login page customization...

7.5CVSS6.4AI score0.64051EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•27 views

Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability

Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database RDB products contain an unspecified vulnerability that allows for remote code execution...

9.8CVSS9.5AI score0.99737EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•27 views

Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability

Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for...

7.8CVSS8.1AI score0.94243EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•27 views

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP NSIP in order to perform exploitation...

6.5CVSS6.8AI score0.88411EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•27 views

Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability

Cisco Adaptive Security Appliance ASA contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service DoS condition or information disclosure...

7.5CVSS7.1AI score0.99903EPSS
Exploits18
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•27 views

F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability

F5 BIG-IP Traffic Management User Interface TMUI contains a remote code execution vulnerability in undisclosed pages...

10CVSS9.4AI score0.99999EPSS
Exploits60
Total number of security vulnerabilities1652