Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2023/10/10 12:0 a.m.•22 views

Adobe Acrobat and Reader Use-After-Free Vulnerability

Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user...

7.8CVSS7.4AI score0.61475EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2023/06/29 12:0 a.m.•22 views

D-Link DWL-2600AP Access Point Command Injection Vulnerability

D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...

7.8CVSS7.6AI score0.97109EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2023/06/29 12:0 a.m.•22 views

Samsung Mobile Devices Improper Boundary Check Vulnerability

Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access...

7.2CVSS7AI score0.00804EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/04/07 12:0 a.m.•22 views

Veritas Backup Exec Agent Improper Authentication Vulnerability

Veritas Backup Exec BE Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme...

9.8CVSS9.2AI score0.6491EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/07 12:0 a.m.•22 views

Teclib GLPI Remote Code Execution Vulnerability

Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed...

9.8CVSS2.2AI score0.99628EPSS
Exploits13
CISA KEV Catalog
CISA KEV Catalog
•added 2023/02/21 12:0 a.m.•22 views

Mitel MiVoice Connect Command Injection Vulnerability

The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system...

6.8CVSS4.5AI score0.10481EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/11/08 12:0 a.m.•22 views

Samsung Mobile Devices Memory Corruption Vulnerability

Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369...

6.1CVSS1.8AI score0.0089EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/25 12:0 a.m.•22 views

Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability

Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files improper input validation resulting in an out-of-bounds write that allows for code execution...

7.8CVSS5.6AI score0.77892EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/18 12:0 a.m.•22 views

Microsoft Windows Runtime Remote Code Execution Vulnerability

Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution...

9.3CVSS8.1AI score0.53655EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/27 12:0 a.m.•22 views

Apple iOS and iPadOS Buffer Overflow Vulnerability

Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges...

9.3CVSS5.2AI score0.02934EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•22 views

Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability

Adobe Acrobat and Reader contains an array boundary issue in Universal 3D U3D support that could lead to remote code execution...

10CVSS5.4AI score0.83855EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•22 views

Mozilla Firefox Security Feature Bypass Vulnerability

Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges...

8.8CVSS7.3AI score0.70226EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/23 12:0 a.m.•22 views

Microsoft Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk...

6.5CVSS1.1AI score0.07505EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/25 12:0 a.m.•22 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS4.1AI score0.01968EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/11 12:0 a.m.•22 views

WatchGuard Firebox and XTM Privilege Escalation Vulnerability

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access...

9CVSS5.2AI score0.12793EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•22 views

Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability

Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code...

10CVSS7.5AI score0.66555EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•22 views

Adobe Flash Player Memory Corruption Vulnerability

Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service DoS...

9.3CVSS7.5AI score0.078EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•22 views

QNAP Helpdesk Improper Access Control Vulnerability

QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information...

9.8CVSS4.3AI score0.01982EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•22 views

VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability

Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files...

7.5CVSS7.5AI score0.95586EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•22 views

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication...

10CVSS3.7AI score0.04362EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•22 views

Citrix SD-WAN and NetScaler SQL Injection Vulnerability

Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection...

9.8CVSS3.4AI score0.94131EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•22 views

phpMyAdmin Remote Code Execution Vulnerability

Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...

9.8CVSS2.1AI score0.95438EPSS
Exploits16
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/15 12:0 a.m.•22 views

Microsoft Windows Kernel Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode...

7.8CVSS3AI score0.20625EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•22 views

Adobe Flash Player Memory Corruption Vulnerability

A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution...

10CVSS7.1AI score0.7983EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•22 views

Mozilla Firefox Information Disclosure Vulnerability

Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site...

6.5CVSS4.4AI score0.06696EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•22 views

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload...

9CVSS4.1AI score0.10788EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•22 views

Linux Kernel Race Condition Vulnerability

Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges...

7.2CVSS4.7AI score0.83524EPSS
Exploits82
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/10 12:0 a.m.•22 views

Microsoft Windows SAM Local Privilege Escalation Vulnerability

If a Volume Shadow Copy VSS shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level...

7.8CVSS4.1AI score0.67252EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/21 12:0 a.m.•22 views

SolarWinds Serv-U Improper Input Validation Vulnerability

SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization...

5.3CVSS6.4AI score0.03359EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•22 views

Nagios XI OS Command Injection

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...

9CVSS2.6AI score0.71536EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•22 views

F5 BIG-IP Traffic Management Microkernel Buffer Overflow

The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls...

9.8CVSS4AI score0.61064EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•22 views

Oracle Business Intelligence Enterprise Edition Path Transversal

Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file...

7.8CVSS4.5AI score0.97233EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•22 views

Google Chrome Media Use-After-Free Vulnerability

Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page...

9.3CVSS8.4AI score0.10586EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•22 views

IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands...

10CVSS9.6AI score0.97655EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2021/12/15 12:0 a.m.•22 views

Microsoft Windows AppX Installer Spoofing Vulnerability

Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability...

7.1CVSS3.1AI score0.10295EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/17 12:0 a.m.•22 views

Microsoft Windows Win32k Privilege Escalation Vulnerability

Unspecified vulnerability allows for an authenticated user to escalate privileges...

7.8CVSS3.7AI score0.73381EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

Apple Multiple Products Code Execution Vulnerability

Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges...

7.8CVSS7.4AI score0.00829EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability

Microsoft Windows Local Security Authority LSA contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM...

7.5CVSS7.2AI score0.66023EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

Apple Multiple Products Integer Overflow Vulnerability

Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY...

7.8CVSS8AI score0.75994EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

Qualcomm Multiple Chipsets Use-After-Free Vulnerability

Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously...

8.4CVSS7.8AI score0.0115EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

SonicWall Email Security Unrestricted Upload of File Vulnerability

SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and...

7.5CVSS8.2AI score0.16509EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability

Yealink Device Management contains a server-side request forgery SSRF vulnerability that allows for unauthenticated remote code execution...

10CVSS9.7AI score0.82516EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability

Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution...

9.8CVSS9.7AI score0.9896EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

Apache Struts Remote Code Execution Vulnerability

Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or...

9.3CVSS8.5AI score0.99993EPSS
Exploits41
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

Microsoft Open Management Infrastructure OMI within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution...

9.8CVSS9.4AI score0.99723EPSS
Exploits19
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

Microsoft Windows Print Spooler Remote Code Execution Vulnerability

Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known unde...

9CVSS8.8AI score0.99759EPSS
Exploits41
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

TeamViewer Desktop Bypass Remote Login Vulnerability

TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended...

7CVSS7.1AI score0.04707EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability

Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter...

10CVSS9.3AI score0.79673EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/01 12:0 a.m.•21 views

Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation...

7.8CVSS6AI score0.96267EPSS
Exploits230
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/10 12:0 a.m.•21 views

Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability

Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally...

7.8CVSS5.5AI score0.01517EPSS
Exploits0
Total number of security vulnerabilities1652