Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
added 2022/03/03 12:0 a.m.17 views

Adobe Reader Buffer Overflow Vulnerability

A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution...

9.3CVSS4.8AI score0.32449EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/02/10 12:0 a.m.17 views

Apple OS X Heap-Based Buffer Overflow Vulnerability

Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context...

9.3CVSS8AI score0.49049EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2022/01/18 12:0 a.m.17 views

Drupal core Un-restricted Upload of File

Improper sanitization in the extension file names is present in Drupal core...

8.8CVSS2AI score0.04304EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/01/10 12:0 a.m.17 views

Kibana Arbitrary Code Execution

Kibana contain an arbitrary code execution flaw in the Timelion visualizer...

10CVSS4.3AI score0.95338EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.17 views

Apple macOS Unspecified Vulnerability

Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks...

5.5CVSS5.7AI score0.68531EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.17 views

Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability

Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution...

10CVSS9.7AI score0.99913EPSS
Exploits20
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.17 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and...

8.8CVSS9AI score0.57736EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.17 views

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability

Microsoft Open Management Infrastructure OMI within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.6AI score0.0189EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.17 views

PlaySMS Server-Side Template Injection Vulnerability

PlaySMS contains a server-side template injection vulnerability that allows for remote code execution...

9.8CVSS9.8AI score0.86689EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.17 views

Ivanti Pulse Connect Secure Code Execution Vulnerability

Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution...

7.2CVSS8.5AI score0.90759EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.17 views

SaltStack Salt Authentication Bypass Vulnerability

SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/...

9.8CVSS9.1AI score0.96405EPSS
Exploits24
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.17 views

Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability

Zoho ManageEngine ServiceDesk Plus SDP contains an unspecified vulnerability that allows remote users to upload files via login page customization...

7.5CVSS6.4AI score0.64051EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.17 views

Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability

Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts Adobe Type 1 PostScript format that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfull...

8.8CVSS8.4AI score0.65037EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.17 views

Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system...

9CVSS9.1AI score0.06903EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.17 views

Mozilla Firefox And Thunderbird Use-After-Free Vulnerability

Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts...

8.1CVSS8AI score0.02978EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.17 views

SaltStack Salt Path Traversal Vulnerability

SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability...

6.5CVSS7.7AI score0.86063EPSS
Exploits17
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.17 views

SolarWinds Serv-U Remote Code Execution Vulnerability

SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution...

10CVSS9.6AI score0.9116EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.17 views

Tenda AC11 Router Stack Buffer Overflow Vulnerability

Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request...

10CVSS9.4AI score0.85849EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/05 12:0 a.m.16 views

SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication...

7.5CVSS5.5AI score0.10659EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2026/01/07 12:0 a.m.16 views

Microsoft Office PowerPoint Code Injection Vulnerability

Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption...

9.3CVSS7.9AI score0.67539EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2025/12/15 12:0 a.m.16 views

Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability

Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially...

9.8CVSS6.8AI score0.50949EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
added 2025/12/12 12:0 a.m.16 views

Google Chromium Out of Bounds Memory Access Vulnerability

Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google...

8.8CVSS6.7AI score0.22721EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
added 2025/10/07 12:0 a.m.16 views

Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability that exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an...

5.4CVSS6.1AI score0.04344EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2025/10/02 12:0 a.m.16 views

GNU Bash OS Command Injection Vulnerability

GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment...

10CVSS9AI score0.99621EPSS
Exploits31
CISA KEV Catalog
CISA KEV Catalog
added 2025/09/25 12:0 a.m.16 views

Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability

Cisco Secure Firewall Adaptive Security ASA Appliance and Secure Firewall Threat Defense FTD Software VPN Web Server contain a missing authorization vulnerability. This vulnerability could be chained with CVE-2025-20333...

9.9CVSS6.7AI score0.85543EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2025/08/29 12:0 a.m.16 views

Sangoma FreePBX Authentication Bypass Vulnerability

Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution...

10CVSS8.3AI score0.93286EPSS
Exploits21
CISA KEV Catalog
CISA KEV Catalog
added 2025/07/18 12:0 a.m.16 views

Fortinet FortiWeb SQL Injection Vulnerability

Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests...

9.8CVSS9.8AI score0.9671EPSS
Exploits18
CISA KEV Catalog
CISA KEV Catalog
added 2025/05/19 12:0 a.m.16 views

Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile EPMM contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework...

7.5CVSS7.2AI score0.99899EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
added 2025/04/29 12:0 a.m.16 views

SAP NetWeaver Unrestricted File Upload Vulnerability

SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries...

10CVSS9.6AI score0.99406EPSS
Exploits18
CISA KEV Catalog
CISA KEV Catalog
added 2025/03/10 12:0 a.m.16 views

Advantive VeraCore SQL Injection Vulnerability

Advantive VeraCore contains a SQL injection vulnerability in timeoutWarning.asp that allows a remote attacker to execute arbitrary SQL commands via the PmSess1 parameter...

7.5CVSS8.9AI score0.50863EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2025/02/20 12:0 a.m.16 views

Palo Alto Networks PAN-OS File Read Vulnerability

Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user...

7.1CVSS6.3AI score0.01927EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/11/25 12:0 a.m.16 views

Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability

Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway...

9.8CVSS7.2AI score0.67645EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/11/04 12:0 a.m.16 views

PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a crafted payload with the ntpaddr parameter of the /cgi-bin/param.cgi CGI script...

7.2CVSS7.7AI score0.81973EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2023/06/29 12:0 a.m.16 views

Samsung Mobile Devices Unspecified Vulnerability

Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP...

7.2CVSS7AI score0.00802EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/06/27 12:0 a.m.16 views

Google Chromium PopupBlocker Security Bypass Vulnerability

Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to bypass navigation restrictions via a crafted iframe. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

6.5CVSS7AI score0.16611EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2022/06/08 12:0 a.m.16 views

Adobe Flash Player Memory Corruption Vulnerability

Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service DoS...

9.3CVSS7AI score0.9203EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
added 2022/05/23 12:0 a.m.16 views

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation...

7.8CVSS3.8AI score0.15705EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2022/05/23 12:0 a.m.16 views

Apple iOS Memory Corruption Vulnerability

Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution...

9.3CVSS4.3AI score0.04589EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/25 12:0 a.m.16 views

Webmin Command Injection Vulnerability

An issue was discovered in Webmin. The parameter old in passwordchange.cgi contains a command injection vulnerability...

10CVSS2.3AI score0.99766EPSS
Exploits38
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/25 12:0 a.m.16 views

D-Link Multiple Routers Command Injection Vulnerability

Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise...

10CVSS5.8AI score0.99996EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/25 12:0 a.m.16 views

Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability

Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service DoS...

5.9CVSS6.6AI score0.03326EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/25 12:0 a.m.16 views

Juniper Junos OS Path Traversal Vulnerability

A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning ZTP allows an unauthenticated attacker to perform remote code execution...

9.8CVSS5.3AI score0.04725EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/15 12:0 a.m.16 views

SonicWall SonicOS Buffer Overflow Vulnerability

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service DoS and potentially execute arbitrary code by sending a malicious request to the firewall...

9.8CVSS5.8AI score0.26869EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/02/25 12:0 a.m.16 views

Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting XSS vulnerability in the Calendar feature that allows an attacker to execute arbitrary code...

6.1CVSS6.3AI score0.3106EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2021/12/10 12:0 a.m.16 views

Zoho Desktop Central Authentication Bypass Vulnerability

Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server...

10CVSS4.7AI score0.99867EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.16 views

Apple iOS WebKit Buffer Overflow Vulnerability

Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML...

8.8CVSS9AI score0.03031EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.16 views

Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability

Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information...

7.5CVSS6.4AI score0.99876EPSS
Exploits19
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.16 views

Google Chromium Blink Use-After-Free Vulnerability

Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, an...

8.8CVSS8.8AI score0.09401EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.16 views

Google Chromium V8 Improper Input Validation Vulnerability

Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

8.8CVSS8.8AI score0.70435EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.16 views

Oracle Multiple Products Remote Code Execution Vulnerability

Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to takeover the affected system. Impacted Oracle products: Oracle Coherence in Fusion Middleware, Oracle Utilities Framework, Oracle Retail Assortment...

9.8CVSS9.4AI score0.97116EPSS
Exploits26
Total number of security vulnerabilities1652