Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/27 12:0 a.m.•18 views

Nx Console Embedded Malicious Code Vulnerability

Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory...

9.8CVSS5.9AI score0.0185EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/06 12:0 a.m.•18 views

Fortinet FortiClient EMS Improper Access Control Vulnerability

Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests...

9.8CVSS6.2AI score0.88505EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/18 12:0 a.m.•18 views

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets CSS @import directives in email HTML...

7.2CVSS5.6AI score0.12009EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/25 12:0 a.m.•18 views

Cisco SD-WAN Path Traversal Vulnerability

Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user...

7.8CVSS6AI score0.12475EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2026/01/29 12:0 a.m.•18 views

Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

Ivanti Endpoint Manager Mobile EPMM contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution...

9.8CVSS6.2AI score0.81231EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2025/12/17 12:0 a.m.•18 views

ASUS Live Update Embedded Malicious Code Vulnerability

ASUS Live Update contains an embedded malicious code vulnerability client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. The impacted produc...

9.8CVSS7.1AI score0.01104EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/12/15 12:0 a.m.•18 views

Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability

Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially...

9.8CVSS6.8AI score0.50949EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/15 12:0 a.m.•18 views

Adobe Experience Manager Forms Code Execution Vulnerability

Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution...

10CVSS7.8AI score0.87515EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/06 12:0 a.m.•18 views

Linux Kernel Heap Out-of-Bounds Write Vulnerability

Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS via heap memory corruption through user name space...

8.3CVSS7.5AI score0.78684EPSS
Exploits21
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/10 12:0 a.m.•18 views

Microsoft Windows External Control of File Name or Path Vulnerability

Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files...

8.8CVSS8.7AI score0.81558EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/19 12:0 a.m.•18 views

Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile EPMM contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework...

7.5CVSS7.2AI score0.99899EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/11 12:0 a.m.•18 views

Zyxel DSL CPE OS Command Injection Vulnerability

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request...

8.8CVSS7.7AI score0.22421EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/01/07 12:0 a.m.•18 views

Mitel MiCollab Path Traversal Vulnerability

Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated,...

9.1CVSS7.1AI score0.98067EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2024/12/18 12:0 a.m.•18 views

Reolink Multiple IP Cameras OS Command Injection Vulnerability

Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root...

9CVSS7.4AI score0.38369EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/12/17 12:0 a.m.•18 views

Cleo Multiple Products Unauthenticated File Upload Vulnerability

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the Autoru...

9.8CVSS7.8AI score0.93804EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2024/11/14 12:0 a.m.•18 views

Palo Alto Networks Expedition OS Command Injection Vulnerability

Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...

9.9CVSS7.7AI score0.9846EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•18 views

Adobe Flash Player and AIR Use-After-Free Vulnerability

Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code...

9.3CVSS5.6AI score0.55375EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/24 12:0 a.m.•18 views

Apple iOS Information Disclosure Vulnerability

The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application...

7.1CVSS4AI score0.33353EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/23 12:0 a.m.•18 views

Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability

Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution...

10CVSS3.2AI score0.55874EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/23 12:0 a.m.•18 views

Adobe Flash Player Stack-based Buffer Overflow Vulnerability

Adobe Flash Player have a stack-based buffer overflow vulnerability that could lead to remote code execution...

10CVSS4AI score0.25353EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/13 12:0 a.m.•18 views

Adobe Flash Player Heap-Based Buffer Overflow Vulnerability

Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code...

10CVSS7.1AI score0.9994EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/04 12:0 a.m.•18 views

D-Link Multiple Routers Remote Code Execution Vulnerability

A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file...

10CVSS6.6AI score0.97836EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•18 views

MiCollab, MiVoice Business Express Access Control Vulnerability

A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system...

9.8CVSS5.1AI score0.87565EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•18 views

Microsoft GDI Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system...

9.3CVSS4.3AI score0.21713EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•18 views

Cisco Small Business Routers Improper Input Validation Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands...

9CVSS7.8AI score0.95923EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•18 views

Microsoft Windows Improper Input Validation Vulnerability

The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application...

7.8CVSS6.8AI score0.04918EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•18 views

Adobe Reader Buffer Overflow Vulnerability

A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution...

9.3CVSS4.8AI score0.32449EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/22 12:0 a.m.•18 views

Zabbix Frontend Improper Access Control Vulnerability

Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend...

5.3CVSS4.2AI score0.84657EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/10 12:0 a.m.•18 views

Apple OS X Heap-Based Buffer Overflow Vulnerability

Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context...

9.3CVSS8AI score0.49049EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•18 views

Nagios XI OS Command Injection

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...

9CVSS2.6AI score0.74979EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•18 views

VMware Server Side Request Forgery in vRealize Operations Manager API

Server Side Request Forgery SSRF in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials...

7.5CVSS4AI score0.7829EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•18 views

Aviatrix Controller Unrestricted Upload of File

Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal...

9.8CVSS6.4AI score0.93019EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•18 views

Kibana Arbitrary Code Execution

Kibana contain an arbitrary code execution flaw in the Timelion visualizer...

10CVSS4.3AI score0.95338EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•18 views

Microsoft Office Remote Code Execution Vulnerability

Microsoft Office contains an unspecified vulnerability that allows for remote code execution...

8.5CVSS7.7AI score0.03182EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•18 views

Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability

Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing...

9.8CVSS9.2AI score0.0712EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•18 views

EyesOfNetwork Use of Hard-Coded Credentials Vulnerability

EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token...

9.8CVSS8.9AI score0.91874EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•18 views

Google Chromium V8 Memory Corruption Vulnerability

Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

8.8CVSS8.9AI score0.36238EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•18 views

Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability

Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution...

8.8CVSS8.9AI score0.10793EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•18 views

Cisco HyperFlex HX Data Platform Command Injection Vulnerability

Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user...

9.8CVSS9.2AI score0.99999EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•18 views

Microsoft Internet Explorer Remote Code Execution Vulnerability

Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution...

8.8CVSS7.8AI score0.03708EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•18 views

Accellion FTA SQL Injection Vulnerability

Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to documentroot.html...

9.8CVSS9.5AI score0.05998EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•18 views

Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability

Accellion FTA contains a server-side request forgery SSRF vulnerability exploited via a crafted POST request to wmProgressstat.html...

9.8CVSS8.8AI score0.11315EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•18 views

Google Chromium V8 Out-of-Bounds Write Vulnerability

Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsof...

8.8CVSS9.2AI score0.64546EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•18 views

Mozilla Firefox And Thunderbird Use-After-Free Vulnerability

Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts...

8.1CVSS8AI score0.02978EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•18 views

rConfig OS Command Injection Vulnerability

rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter...

9CVSS9.2AI score0.36754EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•18 views

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution...

7.6CVSS7.8AI score0.30018EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•18 views

Ivanti Pulse Connect Secure Command Injection Vulnerability

Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles...

8.8CVSS9.6AI score0.22343EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/07/01 12:0 a.m.•17 views

Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability

Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network...

8.8CVSS7.7AI score0.03219EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/16 12:0 a.m.•17 views

Widget Factory Joomla Content Editor Improper Access Control Vulnerability

Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users...

10CVSS5.6AI score0.80425EPSS
Exploits20
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/02 12:0 a.m.•17 views

Linux Kernel Improper Authentication Vulnerability

Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 releaseagent feature...

7.8CVSS7AI score0.05528EPSS
Exploits12
Total number of security vulnerabilities1652