Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability

F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services...

10CVSS9.6AI score0.99898EPSS
Exploits20
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Microsoft Edge and Internet Explorer Memory Corruption Vulnerability

Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user...

7.5CVSS7.7AI score0.02696EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Microsoft Windows Spoofing Vulnerability

Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files...

7.8CVSS6.1AI score0.41131EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.6AI score0.78376EPSS
Exploits21
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Ivanti Pulse Connect Secure Use-After-Free Vulnerability

Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services...

10CVSS9.3AI score0.47172EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

VMware vCenter Server File Upload Vulnerability

VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code...

9.8CVSS9.1AI score0.99999EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Apple iOS WebKit Memory Corruption Vulnerability

Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML...

8.8CVSS9.3AI score0.10591EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

BQE BillQuick Web Suite SQL Injection Vulnerability

BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution...

9.8CVSS10.3AI score0.73269EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Google Chromium Information Disclosure Vulnerability

Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium,...

6.5CVSS6.8AI score0.19901EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Google Chromium V8 Incorrect Implementation Vulnerabililty

Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

8.8CVSS8.9AI score0.02826EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Microsoft Defender Remote Code Execution Vulnerability

Microsoft Defender contains an unspecified vulnerability that allows for remote code execution...

7.8CVSS7.9AI score0.39653EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

VMware Multiple Products Privilege Escalation Vulnerability

VMware Fusion, Remote Console VMRC for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root...

7.8CVSS7.7AI score0.07254EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Google Chromium V8 Heap Buffer Overflow Vulnerability

Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsof...

8.8CVSS9AI score0.19815EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability

Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS8AI score0.02954EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability

Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU address allocation failure...

6.2CVSS6AI score0.0052EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user...

7.6CVSS8.1AI score0.72626EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/20 12:0 a.m.•20 views

Microsoft DirectX NULL Byte Overwrite Vulnerability

Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file...

9.3CVSS6.2AI score0.51207EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2025/12/16 12:0 a.m.•20 views

Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability

Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message. Please be aware that CVE-2025-59719...

9.8CVSS7.8AI score0.66322EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/02 12:0 a.m.•20 views

ASUS Routers Improper Authentication Vulnerability

ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

9.8CVSS9.9AI score0.99393EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/04/28 12:0 a.m.•20 views

Broadcom Brocade Fabric OS Code Injection Vulnerability

Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privileges to execute arbitrary code with full root privileges...

8.6CVSS7.8AI score0.00751EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/11/13 12:0 a.m.•20 views

Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...

5.3CVSS7.8AI score0.01091EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/09/06 12:0 a.m.•20 views

Apache RocketMQ Command Execution Vulnerability

Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running...

9.8CVSS7.2AI score0.96604EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2023/08/21 12:0 a.m.•20 views

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user...

9.8CVSS7.4AI score0.17937EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2023/04/07 12:0 a.m.•20 views

Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability

Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context...

7.8CVSS8.4AI score0.08589EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2022/11/08 12:0 a.m.•20 views

Samsung Mobile Devices Improper Access Control Vulnerability

Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370...

7.1CVSS4.1AI score0.02831EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/11/08 12:0 a.m.•20 views

Samsung Mobile Devices Improper Access Control Vulnerability

Samsung mobile devices using Mali GPU contains an improper access control vulnerability in seclog file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370...

6.2CVSS4.3AI score0.01121EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/25 12:0 a.m.•20 views

PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability

PEAR ArchiveTar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drup...

7.8CVSS2.5AI score0.84554EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/27 12:0 a.m.•20 views

Apple Multiple Products Use-After-Free Vulnerability

A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges...

9.3CVSS4.8AI score0.17438EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/09 12:0 a.m.•20 views

SAP NetWeaver Unrestricted File Upload Vulnerability

SAP NetWeaver contains a vulnerability that allows unrestricted file upload...

9.9CVSS2.9AI score0.35447EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•20 views

Adobe Flash Player and AIR Integer Overflow Vulnerability

Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code...

9.3CVSS6.2AI score0.19785EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/23 12:0 a.m.•20 views

Apple iOS Memory Corruption Vulnerability

Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution...

9.3CVSS4.3AI score0.04589EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/23 12:0 a.m.•20 views

Google Chrome Blink Use-After-Free Vulnerability

Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page...

6.5CVSS6.5AI score0.61537EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/31 12:0 a.m.•20 views

Trend Micro Apex Central Arbitrary File Upload Vulnerability

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution...

9.8CVSS4.2AI score0.19633EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•20 views

Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability

Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service DoS...

5.9CVSS6.6AI score0.03326EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•20 views

Citrix SD-WAN and NetScaler Command Injection Vulnerability

Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance...

9CVSS3.7AI score0.74052EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•20 views

Citrix ShareFile Improper Access Control Vulnerability

Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller...

10CVSS4.8AI score0.53585EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•20 views

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or...

10CVSS7.3AI score0.09747EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•20 views

Treck TCP/IP stack Out-of-Bounds Read Vulnerability

The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability...

5.4CVSS2.4AI score0.18564EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•20 views

Exim Out-of-bounds Write Vulnerability

Exim contains an out-of-bounds write vulnerability which can allow for remote code execution...

9.8CVSS4AI score0.41589EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•20 views

Cisco IOS and IOS XE Software Improper Input Validation Vulnerability

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service DoS...

8.6CVSS8.5AI score0.07973EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/10 12:0 a.m.•20 views

Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability

Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file...

9.3CVSS7.5AI score0.90026EPSS
Exploits20
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/10 12:0 a.m.•20 views

Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability

A code execution vulnerability exists in the Stapler web framework used by Jenkins...

10CVSS3AI score0.98481EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/28 12:0 a.m.•20 views

Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability

Intel products contain a vulnerability which can allow attackers to perform privilege escalation...

10CVSS6AI score0.92189EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•20 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...

8.8CVSS8.8AI score0.48574EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•20 views

Microsoft Windows Update Medic Service Privilege Escalation Vulnerability

Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS8.4AI score0.1991EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•20 views

Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability

Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems...

10CVSS8.7AI score0.79842EPSS
Exploits13
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•20 views

Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability

Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user...

10CVSS9.6AI score0.99928EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•20 views

Microsoft Windows Privilege Escalation Vulnerability

Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys Winsock handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker to execute code with elevated privileges...

7.8CVSS8.2AI score0.19254EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•20 views

Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability

Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room...

9CVSS9.5AI score0.41284EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•20 views

Realtek AP-Router SDK Buffer Overflow Vulnerability

Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service DoS...

10CVSS9.6AI score0.97961EPSS
Exploits1
Total number of security vulnerabilities1652