Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2022/10/24 12:0 a.m.•24 views

GIGABYTE Multiple Products Privilege Escalation Vulnerability

The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges...

7.8CVSS3.9AI score0.03671EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/09/08 12:0 a.m.•24 views

Oracle WebLogic Server Unspecified Vulnerability

Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server...

9.8CVSS4.9AI score0.99448EPSS
Exploits69
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/22 12:0 a.m.•24 views

Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability

A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service RDoS attacks...

8.6CVSS3AI score0.02126EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•24 views

Oracle JRE Sandbox Bypass Vulnerability

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle allows remote attackers to bypass the Java security sandbox...

5.3CVSS6AI score0.89987EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/19 12:0 a.m.•24 views

Microsoft Windows Print Spooler Privilege Escalation Vulnerability

Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation...

7.8CVSS3.5AI score0.18464EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/15 12:0 a.m.•24 views

Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status...

7.8CVSS2.7AI score0.03478EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/25 12:0 a.m.•24 views

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory...

9.3CVSS3.3AI score0.89889EPSS
Exploits14
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•24 views

Apache Airflow Command Injection

A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow...

8.8CVSS2.8AI score0.99118EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•24 views

FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem...

9.8CVSS3.2AI score0.39824EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/12/01 12:0 a.m.•24 views

Qualcomm Multiple Chipsets Improper Input Validation Vulnerability

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

7.8CVSS1.5AI score0.01772EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/12/01 12:0 a.m.•24 views

Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication...

9.8CVSS3.8AI score0.99854EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Microsoft Windows CryptoAPI Spoofing Vulnerability

Microsoft Windows CryptoAPI Crypt32.dll contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography ECC certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was fro...

8.1CVSS7.3AI score0.89436EPSS
Exploits14
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Adobe ColdFusion Unrestricted File Upload Vulnerability

Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution...

10CVSS9.3AI score0.9995EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Apple Multiple Products WebKit Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products...

8.8CVSS8.9AI score0.03692EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability

D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution...

10CVSS9.8AI score0.5432EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Apple Multiple Products Memory Initialization Vulnerability

Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory...

7.1CVSS6.1AI score0.1652EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Apple macOS Unspecified Vulnerability

Apple macOS Transparency, Consent, and Control TCC contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences...

7.8CVSS7.3AI score0.0658EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Cisco IOS XR Software Discovery Protocol Format String Vulnerability

Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device...

8.8CVSS8.5AI score0.11685EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability...

6.5CVSS6.4AI score0.33263EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability...

4.3CVSS5.6AI score0.26333EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Drupal Core Remote Code Execution Vulnerability

Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise...

9.8CVSS9.4AI score0.99993EPSS
Exploits46
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability

Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution...

8.8CVSS9.2AI score0.59139EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Microsoft Windows Kernel Privilege Escalation Vulnerability

Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode...

7.8CVSS7.6AI score0.15932EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.5AI score0.0833EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Microsoft Windows DNS Server Remote Code Execution Vulnerability

Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed...

10CVSS9.3AI score0.92178EPSS
Exploits21
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain...

7.8CVSS8.8AI score0.94008EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability

Microsoft Desktop Window Manager DWM Core Library contains an unspecified vulnerability that allows for privilege escalation...

8.4CVSS7.6AI score0.06555EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode...

7.8CVSS7.3AI score0.80968EPSS
Exploits24
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution...

10CVSS8.7AI score0.99999EPSS
Exploits16
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

Microsoft Netlogon Privilege Escalation Vulnerability

Microsoft's Netlogon Remote Protocol MS-NRPC contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a...

10CVSS9AI score0.99512EPSS
Exploits75
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•24 views

VMware vCenter Server Information Disclosure Vulnerability

VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service vmdir when the Platform Services Controller PSC does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive...

9.8CVSS8.2AI score0.90384EPSS
Exploits20
CISA KEV Catalog
CISA KEV Catalog
•added 2025/08/26 12:0 a.m.•23 views

Citrix NetScaler Memory Overflow Vulnerability

Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service...

9.8CVSS8.5AI score0.18973EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2025/08/05 12:0 a.m.•23 views

D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability

D-Link DCS-2530L and DCS-2670L devices contains a command injection vulnerability in the cgi-bin/ddnsenc.cgi. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

9CVSS9.2AI score0.52717EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/25 12:0 a.m.•23 views

D-Link DIR-859 Router Path Traversal Vulnerability

D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling...

9.8CVSS7.8AI score0.82714EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/19 12:0 a.m.•23 views

Srimax Output Messenger Directory Traversal Vulnerability

Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

8.8CVSS7AI score0.01782EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/19 12:0 a.m.•23 views

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

Zimbra Collaboration contains a cross-site scripting XSS vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript...

6.1CVSS5.9AI score0.19543EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/24 12:0 a.m.•23 views

Adobe ColdFusion Deserialization Vulnerability

Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution...

10CVSS7.5AI score0.90597EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/06 12:0 a.m.•23 views

7-Zip Mark of the Web Bypass Vulnerability

7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web security feature to execute arbitrary code in the context of the current user...

7CVSS8AI score0.67071EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2025/01/07 12:0 a.m.•23 views

Oracle WebLogic Server Unspecified Vulnerability

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3...

9.8CVSS7.2AI score0.94928EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2024/11/07 12:0 a.m.•23 views

Nostromo nhttpd Directory Traversal Vulnerability

Nostromo nhttpd contains a directory traversal vulnerability in the httpverify function in a non-chrooted nhttpd server allowing for remote code execution...

9.8CVSS8.2AI score0.99057EPSS
Exploits24
CISA KEV Catalog
CISA KEV Catalog
•added 2024/03/06 12:0 a.m.•23 views

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections...

7.8CVSS7.4AI score0.01411EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/02/22 12:0 a.m.•23 views

ConnectWise ScreenConnect Authentication Bypass Vulnerability

ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices...

10CVSS7.3AI score0.99959EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2023/12/21 12:0 a.m.•23 views

FXC AE1021, AE1021PE OS Command Injection Vulnerability

FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network...

8.8CVSS7.9AI score0.50729EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2023/12/05 12:0 a.m.•23 views

Qualcomm Multiple Chipsets Use-After-Free Vulnerability

Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress...

8.4CVSS7.2AI score0.0045EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/09/11 12:0 a.m.•23 views

Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability

Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064...

7.8CVSS7.1AI score0.15263EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2023/08/16 12:0 a.m.•23 views

Citrix Content Collaboration ShareFile Improper Access Control Vulnerability

Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers...

9.8CVSS7.1AI score0.95076EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2023/05/01 12:0 a.m.•23 views

Apache Log4j2 Deserialization of Untrusted Data Vulnerability

Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations...

10CVSS7.8AI score0.99999EPSS
Exploits357
CISA KEV Catalog
CISA KEV Catalog
•added 2023/04/07 12:0 a.m.•23 views

Veritas Backup Exec Agent File Access Vulnerability

Veritas Backup Exec BE Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine...

8.1CVSS8.7AI score0.13411EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•23 views

QNAP QTS Improper Input Validation Vulnerability

QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system...

10CVSS5.8AI score0.14367EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•23 views

Adobe Flash Player Memory Corruption Vulnerability

Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service DoS...

9.3CVSS9.7AI score0.82365EPSS
Exploits22
Total number of security vulnerabilities1652