Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability

Microsoft Windows Local Security Authority LSA contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM...

7.5CVSS7.2AI score0.66023EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

SonicWall Email Security Unrestricted Upload of File Vulnerability

SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and...

7.5CVSS8.2AI score0.16509EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

TeamViewer Desktop Bypass Remote Login Vulnerability

TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended...

7CVSS7.1AI score0.04707EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

Microsoft Windows Print Spooler Remote Code Execution Vulnerability

Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known unde...

9CVSS8.8AI score0.99759EPSS
Exploits41
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability

Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter...

10CVSS9.3AI score0.79673EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability

Yealink Device Management contains a server-side request forgery SSRF vulnerability that allows for unauthenticated remote code execution...

10CVSS9.7AI score0.82516EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•22 views

Nagios XI Remote Code Execution Vulnerability

Nagios XI contains a remote code execution vulnerability in which a user can modify the checkplugin executable and insert malicious commands to execute as root...

9CVSS9.1AI score0.77741EPSS
Exploits13
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/01 12:0 a.m.•21 views

Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation...

7.8CVSS6AI score0.96267EPSS
Exploits230
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/10 12:0 a.m.•21 views

Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability

Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally...

7.8CVSS5.5AI score0.01517EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/01/23 12:0 a.m.•21 views

Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability

Broadcom VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. This could allow a malicious actor with network access to vCenter Server to send specially crafted network packets, potentially leading to remote code execution...

9.8CVSS6.1AI score0.22377EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/01/13 12:0 a.m.•21 views

Microsoft Windows Information Disclosure Vulnerability

Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally...

5.5CVSS6.2AI score0.05028EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2025/07/22 12:0 a.m.•21 views

Microsoft SharePoint Code Injection Vulnerability

Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust...

9.8CVSS8.9AI score0.99979EPSS
Exploits41
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/12 12:0 a.m.•21 views

TeleMessage TM SGNL Hidden Functionality Vulnerability

TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users...

4.9CVSS6.8AI score0.00407EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/04/16 12:0 a.m.•21 views

SonicWall SMA100 Appliances OS Command Injection Vulnerability

SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution...

6.8CVSS8AI score0.0389EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/20 12:0 a.m.•21 views

Craft CMS Code Injection Vulnerability

Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution...

8.1CVSS8.3AI score0.04714EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/05 12:0 a.m.•21 views

Linux Kernel Out-of-Bounds Write Vulnerability

Linux kernel contains an out-of-bounds write vulnerability in the uvcparsestreaming component of the USB Video Class UVC driver that could allow for physical escalation of privilege...

7.8CVSS7AI score0.03301EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/11/20 12:0 a.m.•21 views

VMware vCenter Server Privilege Escalation Vulnerability

VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet...

9.8CVSS7.1AI score0.16676EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/07/07 12:0 a.m.•21 views

Arm Mali GPU Kernel Driver Use-After-Free Vulnerability

Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information...

9CVSS7.2AI score0.0302EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/04/13 12:0 a.m.•21 views

Android Framework Privilege Escalation Vulnerability

Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed...

7.8CVSS7.6AI score0.01445EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/30 12:0 a.m.•21 views

Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability

Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges...

9.3CVSS7.5AI score0.05204EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/25 12:0 a.m.•21 views

Apache APISIX Authentication Bypass Vulnerability

Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution...

9.8CVSS4.3AI score0.96182EPSS
Exploits16
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•21 views

Adobe Reader and Acrobat Sandbox Bypass Vulnerability

Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context...

10CVSS9.2AI score0.2233EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/23 12:0 a.m.•21 views

Android Kernel Race Condition Vulnerability

Android kernel contains a race condition, which allows for a use-after-free vulnerability. Exploitation can allow for privilege escalation...

6.9CVSS4.4AI score0.00811EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/23 12:0 a.m.•21 views

Mozilla Firefox and Thunderbird Type Confusion Vulnerability

Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash...

8.8CVSS2AI score0.37951EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/13 12:0 a.m.•21 views

Adobe Flash Player Use-After-Free Vulnerability

Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code...

10CVSS7.6AI score0.95683EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/13 12:0 a.m.•21 views

Adobe Flash Player Stack-Based Buffer Overflow Vulnerability

Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely...

10CVSS7.2AI score0.20356EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/31 12:0 a.m.•21 views

QNAP NAS Improper Authorization Vulnerability

QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device...

10CVSS5.2AI score0.7825EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•21 views

Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability

afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application...

7.8CVSS7.1AI score0.31761EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/15 12:0 a.m.•21 views

Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions...

7.8CVSS2.3AI score0.11616EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/07 12:0 a.m.•21 views

Pulse Connect Secure Code Injection Vulnerability

A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface...

7.2CVSS5.3AI score0.32739EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•21 views

Adobe Flash Player Use-After-Free Vulnerability

A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution...

10CVSS7AI score0.99344EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•21 views

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or...

10CVSS7.3AI score0.14863EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/28 12:0 a.m.•21 views

SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability

SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution...

9.8CVSS4.9AI score0.99912EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•21 views

Microsoft Exchange Server Information Disclosure

Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target...

7.5CVSS2.3AI score0.97502EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Google Chromium V8 Incorrect Implementation Vulnerabililty

Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

8.8CVSS8.9AI score0.02826EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Microsoft Windows Spoofing Vulnerability

Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files...

7.8CVSS6.1AI score0.41131EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

VMware vCenter Server File Upload Vulnerability

VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code...

9.8CVSS9.1AI score0.99999EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Microsoft Defender Remote Code Execution Vulnerability

Microsoft Defender contains an unspecified vulnerability that allows for remote code execution...

7.8CVSS7.9AI score0.39653EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Apache Struts Remote Code Execution Vulnerability

Forced Object-Graph Navigation Language OGNL evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution...

9.8CVSS9.4AI score0.95922EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Apple iOS WebKit Use-After-Free Vulnerability

Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML...

8.8CVSS9.1AI score0.10986EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Apple iOS WebKit Memory Corruption Vulnerability

Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML...

8.8CVSS9.3AI score0.10591EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

BQE BillQuick Web Suite SQL Injection Vulnerability

BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution...

9.8CVSS10.3AI score0.73269EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability

F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services...

10CVSS9.6AI score0.99898EPSS
Exploits20
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Google Chromium V8 Heap Buffer Overflow Vulnerability

Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsof...

8.8CVSS9AI score0.19815EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability

Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS8AI score0.02954EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability

Citrix StoreFront Server contains an XML External Entity XXE processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information...

7.5CVSS7.4AI score0.30041EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Microsoft Edge and Internet Explorer Memory Corruption Vulnerability

Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user...

7.5CVSS7.7AI score0.02696EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability

Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives...

9.8CVSS9.4AI score0.08091EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.6AI score0.78376EPSS
Exploits21
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Ivanti Pulse Connect Secure Use-After-Free Vulnerability

Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services...

10CVSS9.3AI score0.47172EPSS
Exploits9
Total number of security vulnerabilities1652