Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•27 views

Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability

Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for...

7.8CVSS8.1AI score0.94243EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/20 12:0 a.m.•26 views

Microsoft Defender Denial of Service Vulnerability

Microsoft Defender contains an unspecified vulnerability that allows for denial of service...

7.5CVSS5.8AI score0.63076EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/05 12:0 a.m.•26 views

Apple iOS and iPadOS Use-After-Free Vulnerability

Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges...

7.8CVSS6.2AI score0.0141EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/24 12:0 a.m.•26 views

Adobe Commerce and Magento Improper Input Validation Vulnerability

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API...

9.1CVSS7AI score0.96742EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2025/09/02 12:0 a.m.•26 views

Meta Platforms WhatsApp Incorrect Authorization Vulnerability

Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device...

5.4CVSS7.1AI score0.04116EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/08/12 12:0 a.m.•26 views

Microsoft Office Excel Remote Code Execution Vulnerability

Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a...

9.3CVSS8.1AI score0.42139EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/15 12:0 a.m.•26 views

Google Chromium Loader Insufficient Policy Enforcement Vulnerability

Google Chromium contains an insufficient policy enforcement vulnerability that allows a remote attacker to leak cross-origin data via a crafted HTML page...

4.3CVSS6.8AI score
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/13 12:0 a.m.•26 views

Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

Microsoft Windows Common Log File System CLFS Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally...

7.8CVSS7.3AI score0.02129EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/01/08 12:0 a.m.•26 views

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution...

9CVSS8.7AI score0.99971EPSS
Exploits13
CISA KEV Catalog
CISA KEV Catalog
•added 2024/12/18 12:0 a.m.•26 views

NUUO NVRmini2 Devices Missing Authentication Vulnerability

NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users...

10CVSS9.7AI score0.49431EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/11/21 12:0 a.m.•26 views

Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability

Oracle Agile Product Lifecycle Management PLM contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure...

7.5CVSS6.8AI score0.01496EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/11/12 12:0 a.m.•26 views

Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability

Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user...

6.5CVSS6.4AI score0.81817EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/12/07 12:0 a.m.•26 views

Qlik Sense Path Traversal Vulnerability

Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints...

8.2CVSS7.1AI score0.82646EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/05/12 12:0 a.m.•26 views

Multiple Ruckus Wireless Products CSRF and RCE Vulnerability

Ruckus Wireless Access Point AP software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery CSRF or remote code execution RCE. This vulnerability impacts Ruckus ZoneDirector,...

9.8CVSS9.5AI score0.95326EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2023/04/17 12:0 a.m.•26 views

Apple macOS Use-After-Free Vulnerability

Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation...

7.8CVSS8.1AI score0.00701EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/30 12:0 a.m.•26 views

Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability

Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution...

9.8CVSS9.6AI score0.02706EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/11/28 12:0 a.m.•26 views

Oracle Fusion Middleware Unspecified Vulnerability

Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product...

9.8CVSS3.5AI score0.96284EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•26 views

QNAP Photo Station Path Traversal Vulnerability

QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files...

9.8CVSS5AI score0.89681EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•26 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and...

8.8CVSS8.5AI score0.31212EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•26 views

Red Hat JBoss Information Disclosure Vulnerability

Unauthenticated access to the JBoss Application Server Web Console /web-console is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information...

7.5CVSS0.8AI score0.62308EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•26 views

Microsoft Silverlight Information Disclosure Vulnerability

Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application...

5.5CVSS4.5AI score0.6961EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/23 12:0 a.m.•26 views

WhatsApp Cross-Site Scripting Vulnerability

A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading...

8.2CVSS1.7AI score0.67859EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/11 12:0 a.m.•26 views

QNAP Network-Attached Storage (NAS) Command Injection Vulnerability

QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution...

9.8CVSS6AI score0.328EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/06 12:0 a.m.•26 views

Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability

Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution...

9.8CVSS2.3AI score0.99657EPSS
Exploits24
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•26 views

Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability

The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands...

9.8CVSS9.1AI score0.99906EPSS
Exploits19
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•26 views

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code...

9CVSS4.3AI score0.70559EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•26 views

Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability

There is a vulnerability in the implementation of the Common Industrial Protocol CIP feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service...

7.8CVSS5AI score0.07128EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•26 views

Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference

Synacor Zimbra Collaboration Suite ZCS contains an improper restriction of XML external entity XXE vulnerability in the mailboxd component...

9.8CVSS9.6AI score0.99986EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•26 views

Linux Kernel Improper Privilege Management Vulnerability

Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability that allows local users to obtain root access...

7.8CVSS7.1AI score0.52199EPSS
Exploits21
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•26 views

Cisco ASA and FTD Read-Only Path Traversal Vulnerability

Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affect...

7.5CVSS7.4AI score0.99992EPSS
Exploits24
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•26 views

Multiple DrayTek Vigor Routers Web Management Page Vulnerability

DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution...

10CVSS9.5AI score0.99993EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•26 views

IBM Data Risk Manager Remote Code Execution Vulnerability

IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system.�...

9.1CVSS9AI score0.61692EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•26 views

IBM Data Risk Manager Directory Traversal Vulnerability

IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitrary files from the system...

4.3CVSS5.3AI score0.68544EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•26 views

Microsoft Windows Kernel Information Disclosure Vulnerability

Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode process...

5.5CVSS6.2AI score0.81107EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•26 views

Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability

Zoho ManageEngine ServiceDesk Plus SDP contains an unspecified vulnerability that allows remote users to upload files via login page customization...

7.5CVSS6.4AI score0.64051EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•26 views

Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability

Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution...

9CVSS8.5AI score0.99965EPSS
Exploits30
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•26 views

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain...

7.8CVSS8.8AI score0.89509EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•26 views

Netis WF2419 Devices Remote Code Execution Vulnerability

Netis WF2419 devices contains an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management page...

8.5CVSS8AI score0.27962EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2025/09/23 12:0 a.m.•25 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine...

9.8CVSS6.9AI score0.05426EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/08/25 12:0 a.m.•25 views

Citrix Session Recording Deserialization of Untrusted Data Vulnerability

Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker must be an authenticated user on the same intranet as the session recording server...

8CVSS9.5AI score0.14736EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2025/07/28 12:0 a.m.•25 views

Cisco Identity Services Engine Injection Vulnerability

Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an...

10CVSS7.8AI score0.65098EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/04/09 12:0 a.m.•25 views

Linux Kernel Out-of-Bounds Read Vulnerability

Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attacker to obtain potentially sensitive information...

7.1CVSS6.4AI score0.01325EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/12/18 12:0 a.m.•25 views

Reolink RLC-410W IP Camera OS Command Injection Vulnerability

Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality...

9.1CVSS7.2AI score0.47915EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2023/11/16 12:0 a.m.•25 views

Sophos Web Appliance Command Injection Vulnerability

Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution...

9.8CVSS8.6AI score0.99999EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2023/11/13 12:0 a.m.•25 views

Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability

Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an...

5.3CVSS7.8AI score0.84692EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2023/05/19 12:0 a.m.•25 views

Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability

Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization ASLR bypass...

4.4CVSS6.4AI score0.02554EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/25 12:0 a.m.•25 views

Grafana Authentication Bypass Vulnerability

Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss...

9.8CVSS5.2AI score0.99888EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•25 views

Google Chromium V8 Out-of-Bounds Write Vulnerability

Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsof...

6.5CVSS6.6AI score0.55925EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•25 views

Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability

Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service DoS...

9.3CVSS6.9AI score0.25006EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•25 views

Microsoft Windows Kernel Privilege Escalation Vulnerability

The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application...

7.8CVSS6.1AI score0.05169EPSS
Exploits0
Total number of security vulnerabilities1652