Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•23 views

Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability

Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process...

9.8CVSS9.2AI score0.99737EPSS
Exploits16
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/05 12:0 a.m.•22 views

Hikvision Multiple Products Improper Authentication Vulnerability

Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information...

9.8CVSS6AI score0.99998EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/03 12:0 a.m.•22 views

Qualcomm Multiple Chipsets Memory Corruption Vulnerability

Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation...

7.8CVSS5.9AI score0.01068EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2026/01/27 12:0 a.m.•22 views

Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability

Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication...

9.8CVSS5.9AI score0.85844EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/01/26 12:0 a.m.•22 views

Microsoft Office Security Feature Bypass Vulnerability

Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally. Some of the impacted products could be end-of-life EoL and/or end-of-servic...

7.8CVSS7.3AI score0.72152EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/25 12:0 a.m.•22 views

D-Link DIR-859 Router Path Traversal Vulnerability

D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling...

9.8CVSS7.8AI score0.82714EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/09 12:0 a.m.•22 views

Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability

Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution RCE. By exploiting a flaw in how SSH protocol...

10CVSS10AI score0.97859EPSS
Exploits36
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/05 12:0 a.m.•22 views

Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

8.8CVSS8.8AI score0.0645EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/19 12:0 a.m.•22 views

MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability

MDaemon Email Server contains a cross-site scripting XSS vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message...

6.1CVSS5.9AI score0.17105EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/03 12:0 a.m.•22 views

Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability

Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution...

8.8CVSS7.3AI score0.9767EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/03 12:0 a.m.•22 views

Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability

Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization...

9.8CVSS6.8AI score0.92266EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/07 12:0 a.m.•22 views

Trimble Cityworks Deserialization Vulnerability

Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services IIS web server...

8.8CVSS7.7AI score0.31309EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/01/07 12:0 a.m.•22 views

Oracle WebLogic Server Unspecified Vulnerability

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3...

9.8CVSS7.2AI score0.94928EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2024/11/18 12:0 a.m.•22 views

Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators...

9.8CVSS7.3AI score0.99698EPSS
Exploits15
CISA KEV Catalog
CISA KEV Catalog
•added 2023/11/16 12:0 a.m.•22 views

Sophos Web Appliance Command Injection Vulnerability

Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution...

9.8CVSS8.6AI score0.99999EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2023/10/10 12:0 a.m.•22 views

Adobe Acrobat and Reader Use-After-Free Vulnerability

Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user...

7.8CVSS7.4AI score0.61475EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2023/06/29 12:0 a.m.•22 views

D-Link DWL-2600AP Access Point Command Injection Vulnerability

D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...

7.8CVSS7.6AI score0.97109EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2023/06/29 12:0 a.m.•22 views

Samsung Mobile Devices Improper Boundary Check Vulnerability

Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access...

7.2CVSS7AI score0.00804EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/04/07 12:0 a.m.•22 views

Veritas Backup Exec Agent Improper Authentication Vulnerability

Veritas Backup Exec BE Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme...

9.8CVSS9.2AI score0.6491EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/07 12:0 a.m.•22 views

Teclib GLPI Remote Code Execution Vulnerability

Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed...

9.8CVSS2.2AI score0.99628EPSS
Exploits13
CISA KEV Catalog
CISA KEV Catalog
•added 2022/11/08 12:0 a.m.•22 views

Samsung Mobile Devices Memory Corruption Vulnerability

Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369...

6.1CVSS1.8AI score0.0089EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/25 12:0 a.m.•22 views

Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability

Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files improper input validation resulting in an out-of-bounds write that allows for code execution...

7.8CVSS5.6AI score0.77892EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/22 12:0 a.m.•22 views

Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability

A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service RDoS attacks...

8.6CVSS3AI score0.02126EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/18 12:0 a.m.•22 views

Microsoft Windows Runtime Remote Code Execution Vulnerability

Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution...

9.3CVSS8.1AI score0.53655EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/27 12:0 a.m.•22 views

Apple iOS and iPadOS Buffer Overflow Vulnerability

Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges...

9.3CVSS5.2AI score0.02934EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•22 views

Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability

Adobe Acrobat and Reader contains an array boundary issue in Universal 3D U3D support that could lead to remote code execution...

10CVSS5.4AI score0.83855EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•22 views

Microsoft Word Malformed Object Pointer Vulnerability

Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code...

8.8CVSS4.9AI score0.48387EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•22 views

Microsoft Internet Explorer Privilege Escalation Vulnerability

Microsoft Internet Explorer cotains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site...

8.8CVSS7.3AI score0.26349EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•22 views

Microsoft Silverlight Information Disclosure Vulnerability

Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application...

5.5CVSS4.5AI score0.6961EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/23 12:0 a.m.•22 views

Microsoft Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk...

6.5CVSS1.1AI score0.07505EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/25 12:0 a.m.•22 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS4.1AI score0.01968EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/15 12:0 a.m.•22 views

Crestron Multiple Products Command Injection Vulnerability

Multiple Crestron products are vulnerable to command injection via the filetransfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root...

10CVSS3.1AI score0.98952EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/13 12:0 a.m.•22 views

Adobe Flash Player Remote Code Execution Vulnerability

Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code...

10CVSS6.7AI score0.8582EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/11 12:0 a.m.•22 views

WatchGuard Firebox and XTM Privilege Escalation Vulnerability

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access...

9CVSS5.2AI score0.12793EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•22 views

Adobe Flash Player Memory Corruption Vulnerability

Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service DoS...

9.3CVSS7.5AI score0.078EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•22 views

VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability

Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files...

7.5CVSS7.5AI score0.95586EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•22 views

Citrix SD-WAN and NetScaler SQL Injection Vulnerability

Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection...

9.8CVSS3.4AI score0.94131EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•22 views

Cisco VPN Routers Remote Code Execution Vulnerability

A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system...

10CVSS7.4AI score0.55409EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•22 views

phpMyAdmin Remote Code Execution Vulnerability

Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

9.8CVSS2.1AI score0.95438EPSS
Exploits16
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•22 views

QNAP Helpdesk Improper Access Control Vulnerability

QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information...

9.8CVSS4.3AI score0.01982EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•22 views

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication...

10CVSS3.7AI score0.04362EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/15 12:0 a.m.•22 views

Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context...

7.8CVSS2.9AI score0.06886EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/15 12:0 a.m.•22 views

Microsoft Win32k Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory...

7.2CVSS2.9AI score0.73721EPSS
Exploits18
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•22 views

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload...

9CVSS4.1AI score0.10788EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•22 views

Linux Kernel Race Condition Vulnerability

Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges...

7.2CVSS4.7AI score0.83524EPSS
Exploits82
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•22 views

Adobe Flash Player Memory Corruption Vulnerability

A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution...

10CVSS7.1AI score0.7983EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/10 12:0 a.m.•22 views

Microsoft Windows SAM Local Privilege Escalation Vulnerability

If a Volume Shadow Copy VSS shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level...

7.8CVSS4.1AI score0.67252EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/21 12:0 a.m.•22 views

SolarWinds Serv-U Improper Input Validation Vulnerability

SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization...

5.3CVSS6.4AI score0.03359EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•22 views

Nagios XI OS Command Injection

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...

9CVSS2.6AI score0.71536EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•22 views

Oracle Business Intelligence Enterprise Edition Path Transversal

Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file...

7.8CVSS4.5AI score0.97233EPSS
Exploits2
Total number of security vulnerabilities1652