Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/24 12:0 a.m.•25 views

Apple iOS Memory Corruption Vulnerability

A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service DoS via a crafted application...

9.3CVSS7.1AI score0.23626EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/23 12:0 a.m.•25 views

Google Chrome WebAudio Use-After-Free Vulnerability

Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.6AI score0.72977EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/06 12:0 a.m.•25 views

Microsoft SMBv1 Server Remote Code Execution Vulnerability

The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets...

9.3CVSS8.1AI score0.99373EPSS
Exploits17
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•25 views

SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability

SonicWall Secure Remote Access SRA products contain an improper neutralization of a SQL Command leading to SQL injection...

9.8CVSS3.5AI score0.30084EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•25 views

Microsoft Windows Print Spooler Privilege Escalation Vulnerability

Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation...

7.8CVSS3.5AI score0.41683EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•25 views

Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability

OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site...

9.3CVSS8.4AI score0.94996EPSS
Exploits39
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/15 12:0 a.m.•25 views

Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation...

7.8CVSS4.4AI score0.2995EPSS
Exploits24
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/07 12:0 a.m.•25 views

Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability

Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution...

9.8CVSS4.9AI score0.84621EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•25 views

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or...

10CVSS7.3AI score0.05655EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•25 views

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or...

10CVSS7.3AI score0.09203EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•25 views

Microsoft Windows Privilege Escalation Vulnerability

A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system...

7.8CVSS6.3AI score0.07606EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•25 views

Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability

Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code...

9.3CVSS7.4AI score0.88246EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•25 views

Exim Mail Transfer Agent (MTA) Improper Input Validation

Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to remote command execution...

10CVSS4.1AI score0.99961EPSS
Exploits27
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/17 12:0 a.m.•25 views

ExifTool Remote Code Execution Vulnerability

Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...

7.8CVSS8.1AI score0.99981EPSS
Exploits39
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges...

9.3CVSS7.7AI score0.28839EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability

Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful exploitation could allow an attacker to perform cross-site scripting XSS in the context of the interface ...

6.1CVSS5.9AI score0.85439EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability

ForgeRock Access Management AM Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints /ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame to execute code in the context of the current user unless ForgeRock AM is running as root user, whi...

10CVSS9AI score0.99999EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Google Chromium Blink Use-After-Free Vulnerability

Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, an...

8.8CVSS8.8AI score0.0987EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability

Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI...

10CVSS8.9AI score0.99999EPSS
Exploits22
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

VMware ESXi OpenSLP Use-After-Free Vulnerability

VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution...

10CVSS9.3AI score0.83015EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Accellion FTA OS Command Injection Vulnerability

Accellion FTA contains an OS command injection vulnerability exploited via a local web service call...

7.8CVSS8.8AI score0.03624EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Apple iOS, iPadOS, and macOS Type Confusion Vulnerability

Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges...

9.3CVSS7.8AI score0.0415EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability

Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language OGNL injection vulnerability that may allow an unauthenticated attacker to execute code...

9.8CVSS9.6AI score0.99999EPSS
Exploits45
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Fortinet FortiOS SSL VPN Improper Authentication Vulnerability

Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication FortiToken if they change the case in their username...

9.8CVSS8.9AI score0.49344EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Micro Focus Access Manager Information Leakage Vulnerability

Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used...

7.5CVSS8.3AI score0.25695EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user...

8.8CVSS8.1AI score0.24188EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain...

9.8CVSS8.8AI score0.99999EPSS
Exploits63
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Oracle WebLogic Server Remote Code Execution Vulnerability

Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882...

10CVSS9.4AI score0.99997EPSS
Exploits43
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode...

7.8CVSS7.3AI score0.4523EPSS
Exploits26
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode...

7.8CVSS7.4AI score0.53298EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Trend Micro Multiple Products Improper Input Validation Vulnerability

Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation...

7.8CVSS7.6AI score0.01482EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability

Zyxel firewalls ATP, USG, VM and AP Controllers NXC2500 and NXC5500 contain a use of hard-coded credentials vulnerability in an undocumented account "zyfwp" with an unchangeable password...

10CVSS8.9AI score0.90049EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•25 views

Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability

The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution...

7.5CVSS8.2AI score0.98567EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/06 12:0 a.m.•24 views

Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability

Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal aka Captive Portal service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted...

9.8CVSS6.4AI score0.32074EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/26 12:0 a.m.•24 views

Aquasecurity Trivy Embedded Malicious Code Vulnerability

Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configuration in memory...

9.4CVSS6.1AI score0.60368EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2025/12/09 12:0 a.m.•24 views

Microsoft Windows Use After Free Vulnerability

Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally...

7.8CVSS6.8AI score0.02383EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/25 12:0 a.m.•24 views

Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability

Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key...

6.5CVSS7AI score0.05663EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/02 12:0 a.m.•24 views

Commvault Command Center Path Traversal Vulnerability

Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code...

10CVSS7.8AI score0.97292EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/18 12:0 a.m.•24 views

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts...

9.1CVSS9.6AI score0.98417EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2025/01/16 12:0 a.m.•24 views

Aviatrix Controllers OS Command Injection Vulnerability

Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloudtype for listflightpathdestinationinstances, or srccloudtype for flightpathconnectiontest...

10CVSS8.1AI score0.98545EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2024/12/16 12:0 a.m.•24 views

Adobe ColdFusion Improper Access Control Vulnerability

Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel...

7.4CVSS6.7AI score0.98514EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2024/12/03 12:0 a.m.•24 views

ProjectSend Improper Authentication Vulnerability

ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload...

9.8CVSS7.1AI score0.91559EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2024/11/21 12:0 a.m.•24 views

Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability

Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting XSS attack...

6.3CVSS5.7AI score0.22728EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/11/20 12:0 a.m.•24 views

VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute remote code by sending a specially crafted packet...

9.8CVSS8.2AI score0.54143EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/05/16 12:0 a.m.•24 views

D-Link DIR-605 Router Information Disclosure Vulnerability

D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page...

7.5CVSS6.8AI score0.87039EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/04/11 12:0 a.m.•24 views

D-Link Multiple NAS Devices Command Injection Vulnerability

D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution...

10CVSS8.1AI score0.99997EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2023/12/21 12:0 a.m.•24 views

QNAP VioStor NVR OS Command Injection Vulnerability

QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network...

8.8CVSS7.9AI score0.73277EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/08/22 12:0 a.m.•24 views

Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability

Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may...

7.5CVSS7AI score0.7761EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2023/06/29 12:0 a.m.•24 views

Samsung Mobile Devices Race Condition Vulnerability

Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised...

6.4CVSS7.1AI score0.00366EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/30 12:0 a.m.•24 views

Google Chromium Network Service Use-After-Free Vulnerability

Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsof...

8.8CVSS8.8AI score0.24738EPSS
Exploits1
Total number of security vulnerabilities1652