Lucene search
K
Cisa KevMost viewed

1642 matches found

CISA KEV Catalog
CISA KEV Catalog
added 2023/06/22 12:0 a.m.116 views

Roundcube Webmail Remote Code Execution Vulnerability

Roundcube Webmail contains an remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...

9.8CVSS8.1AI score0.84456EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2023/02/10 12:0 a.m.116 views

Fortra GoAnywhere MFT Remote Code Execution Vulnerability

Fortra formerly, HelpSystems GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object...

7.2CVSS7.6AI score0.99999EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/09 12:0 a.m.115 views

Linux Kernel PIE Stack Buffer Corruption Vulnerability

Linux kernel contains a position-independent executable PIE stack buffer corruption vulnerability in loadelf binary that allows a local attacker to escalate privileges...

7.8CVSS7AI score0.10695EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2023/10/18 12:0 a.m.115 views

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server...

9.4CVSS7AI score0.99999EPSS
Exploits15
CISA KEV Catalog
CISA KEV Catalog
added 2023/09/25 12:0 a.m.115 views

Apple Multiple Products Kernel Privilege Escalation Vulnerability

Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation...

7.8CVSS6.7AI score0.02918EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/04/24 12:0 a.m.113 views

Cisco ASA and FTD Denial of Service Vulnerability

Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain an infinite loop vulnerability that can lead to remote denial of service condition...

8.6CVSS7.3AI score0.70686EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2023/07/25 12:0 a.m.113 views

Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile EPMM, previously branded MobileIron Core contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information PII such as names, phone...

10CVSS9.2AI score0.99999EPSS
Exploits14
CISA KEV Catalog
CISA KEV Catalog
added 2023/07/17 12:0 a.m.113 views

Microsoft Windows Search Remote Code Execution Vulnerability

Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web MOTW defenses via a specially crafted malicious file, leading to remote code execution...

7.5CVSS8.2AI score0.99083EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
added 2023/07/20 12:0 a.m.112 views

Adobe ColdFusion Improper Access Control Vulnerability

Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass...

7.5CVSS6.9AI score0.99732EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2023/09/25 12:0 a.m.111 views

Apple Multiple Products Improper Certificate Validation Vulnerability

Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation...

5.5CVSS6.7AI score0.04547EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2023/06/23 12:0 a.m.111 views

VMware Tools Authentication Bypass Vulnerability

VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access ove...

3.9CVSS7.1AI score0.13638EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2025/03/04 12:0 a.m.110 views

Linux Kernel Use of Uninitialized Resource Vulnerability

The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report...

5.5CVSS6.2AI score0.00809EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2023/05/12 12:0 a.m.110 views

Apache Tomcat Remote Code Execution Vulnerability

Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension JMX ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for...

10CVSS8.9AI score0.92334EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.110 views

SIMalliance Toolbox Browser Command Injection Vulnerability

SIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message...

9.8CVSS9.4AI score0.04949EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/15 12:0 a.m.109 views

Microsoft Windows Kernel TOCTOU Race Condition Vulnerability

Microsoft Windows Kernel contains a time-of-check to time-of-use TOCTOU race condition vulnerability that could allow for privilege escalation...

7CVSS6.7AI score0.68202EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
added 2023/11/02 12:0 a.m.109 views

Apache ActiveMQ Deserialization of Untrusted Data Vulnerability

Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath...

10CVSS7.5AI score0.99654EPSS
Exploits31
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/18 12:0 a.m.108 views

Apache HugeGraph-Server Improper Access Control Vulnerability

Apache HugeGraph-Server contains an improper access control vulnerability that could allow a remote attacker to execute arbitrary code...

9.8CVSS7.6AI score0.9921EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
added 2022/05/10 12:0 a.m.108 views

F5 BIG-IP Missing Authentication Vulnerability

F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services...

9.8CVSS4.1AI score0.99956EPSS
Exploits63
CISA KEV Catalog
CISA KEV Catalog
added 2023/07/19 12:0 a.m.106 views

Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability

Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution...

9.8CVSS7.9AI score0.99445EPSS
Exploits16
CISA KEV Catalog
CISA KEV Catalog
added 2022/10/11 12:0 a.m.106 views

Fortinet Multiple Products Authentication Bypass Vulnerability

Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests...

9.8CVSS2.2AI score0.99984EPSS
Exploits25
CISA KEV Catalog
CISA KEV Catalog
added 2022/08/18 12:0 a.m.106 views

Apple iOS and macOS Out-of-Bounds Write Vulnerability

Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content...

8.8CVSS4.2AI score0.09785EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2021/12/01 12:0 a.m.106 views

Apache HTTP Server-Side Request Forgery (SSRF)

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

9CVSS1.7AI score0.99999EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2023/08/09 12:0 a.m.105 views

Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability

Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service DoS...

7.5CVSS7.6AI score0.15519EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2023/06/23 12:0 a.m.105 views

Apple Multiple Products Integer Overflow Vulnerability

Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges...

7.8CVSS7.4AI score0.51517EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/24 12:0 a.m.104 views

RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

RoundCube Webmail contains a cross-site scripting XSS vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code...

6.1CVSS5.6AI score0.73296EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2024/04/24 12:0 a.m.104 views

Cisco ASA and FTD Privilege Escalation Vulnerability

Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root...

6CVSS7.3AI score0.19434EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/03/04 12:0 a.m.102 views

Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability

Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL input and output control dispatcher in appid.sys that allows a local attacker to achieve privilege escalation...

7.8CVSS7AI score0.51865EPSS
Exploits13
CISA KEV Catalog
CISA KEV Catalog
added 2023/11/14 12:0 a.m.101 views

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts...

8.8CVSS7.2AI score0.88196EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2023/11/14 12:0 a.m.101 views

Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability

Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges...

7.8CVSS7.7AI score0.1667EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/15 12:0 a.m.99 views

SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution...

9.8CVSS7.9AI score0.84628EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/07/23 12:0 a.m.96 views

Twilio Authy Information Disclosure Vulnerability

Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy...

5.3CVSS6.6AI score0.01477EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/02/11 12:0 a.m.93 views

Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability

Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on...

8.8CVSS8.6AI score0.16342EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/11/08 12:0 a.m.92 views

Microsoft Windows Print Spooler Privilege Escalation Vulnerability

Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges...

7.8CVSS8AI score0.02389EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/09 12:0 a.m.91 views

Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft...

8.8CVSS6.3AI score0.01654EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
added 2024/01/02 12:0 a.m.91 views

Spreadsheet::ParseExcel Remote Code Execution Vulnerability

Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic...

7.8CVSS7.8AI score0.16832EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/28 12:0 a.m.91 views

Microsoft Internet Explorer Memory Corruption Vulnerability

The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service memory corruption via a crafted web site...

7.6CVSS6.2AI score0.93165EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
added 2023/05/22 12:0 a.m.90 views

Apple Multiple Products WebKit Use-After-Free Vulnerability

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple...

8.8CVSS8.7AI score0.12172EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/01/10 12:0 a.m.89 views

Ivanti Connect Secure and Policy Secure Command Injection Vulnerability

Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This...

9.1CVSS7.9AI score0.99999EPSS
Exploits23
CISA KEV Catalog
CISA KEV Catalog
added 2022/06/27 12:0 a.m.89 views

Red Hat Polkit Out-of-Bounds Read and Write Vulnerability

The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights...

7.8CVSS8.2AI score0.94921EPSS
Exploits152
CISA KEV Catalog
CISA KEV Catalog
added 2024/02/09 12:0 a.m.87 views

Fortinet FortiOS Out-of-Bound Write Vulnerability

Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests...

9.8CVSS8.1AI score0.83428EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/07 12:0 a.m.86 views

Android Kernel Remote Code Execution Vulnerability

Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, including but not limited to Android OS...

7.8CVSS7.6AI score0.02701EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/04/24 12:0 a.m.85 views

CrushFTP VFS Sandbox Escape Vulnerability

CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system VFS...

10CVSS7.3AI score0.99539EPSS
Exploits22
CISA KEV Catalog
CISA KEV Catalog
added 2025/02/25 12:0 a.m.84 views

Microsoft Partner Center Improper Access Control Vulnerability

Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges...

9.8CVSS7.3AI score0.01339EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/07/23 12:0 a.m.84 views

Microsoft Internet Explorer Use-After-Free Vulnerability

Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that 1 was not properly allocated or 2 is deleted, as demonstrated by a CDwnBindInfo object...

9.3CVSS7.8AI score0.78823EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
added 2023/07/11 12:0 a.m.84 views

Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability

Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7AI score0.09083EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2023/05/22 12:0 a.m.84 views

Apple Multiple Products WebKit Sandbox Escape Vulnerability

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products...

8.6CVSS8.4AI score0.1653EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/07 12:0 a.m.84 views

Mozilla Firefox Use-After-Free Vulnerability

Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution...

8.8CVSS3.2AI score0.14261EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2023/05/09 12:0 a.m.83 views

Microsoft Win32K Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges...

7.8CVSS7.2AI score0.40919EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
added 2022/04/25 12:0 a.m.83 views

WSO2 Multiple Products Unrestrictive Upload of File Vulnerability

Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution...

10CVSS3.5AI score0.99999EPSS
Exploits22
CISA KEV Catalog
CISA KEV Catalog
added 2025/03/13 12:0 a.m.82 views

Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability

Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and...

10CVSS6.8AI score0.0424EPSS
Exploits4
Total number of security vulnerabilities1642