Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•16 views

Microsoft Windows Kernel Privilege Escalation Vulnerability

Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.4AI score0.06255EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•16 views

Mozilla Firefox And Thunderbird Type Confusion Vulnerability

Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements...

8.8CVSS8.3AI score0.43422EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•16 views

Oracle Multiple Products Remote Code Execution Vulnerability

Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to takeover the affected system. Impacted Oracle products: Oracle Coherence in Fusion Middleware, Oracle Utilities Framework, Oracle Retail Assortment...

9.8CVSS9.4AI score0.97116EPSS
Exploits26
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•16 views

TVT NVMS-1000 Directory Traversal Vulnerability

TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests...

7.5CVSS7.3AI score0.96071EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 3 days ago•15 views

Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability

Microsoft Active Directory Federation Services contains an insufficient granularity of access control vulnerability that allows an authorized attacker to elevate privileges locally...

7.8CVSS6.2AI score0.00379EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/02 12:0 a.m.•15 views

Linux Kernel Improper Authentication Vulnerability

Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 releaseagent feature...

7.8CVSS7AI score0.05528EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/27 12:0 a.m.•15 views

TanStack Unspecified Vulnerability

TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity...

9.6CVSS7.4AI score0.02342EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/22 12:0 a.m.•15 views

Drupal Core SQL Injection Vulnerability

Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API...

9.8CVSS6.7AI score0.84631EPSS
Exploits14
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/20 12:0 a.m.•15 views

Microsoft Windows Buffer Overflow Vulnerability

Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization...

10CVSS8AI score0.98751EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/03 12:0 a.m.•15 views

GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability

GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized external users to perform Server Side Requests via the CI Lint API...

7.5CVSS5.4AI score0.35649EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/11/14 12:0 a.m.•15 views

Fortinet FortiWeb Path Traversal Vulnerability

Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests...

9.8CVSS7.5AI score0.8936EPSS
Exploits17
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/14 12:0 a.m.•15 views

Microsoft Windows Improper Access Control Vulnerability

Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally...

7.8CVSS6.8AI score0.02675EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/14 12:0 a.m.•15 views

IGEL OS Use of a Key Past its Expiration Date Vulnerability

IGEL OS contains a use of a key past its expiration date vulnerability that allows for Secure Boot bypass. The igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image...

4.6CVSS6.9AI score0.03817EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/09 12:0 a.m.•15 views

Grafana Path Traversal Vulnerability

Grafana contains a path traversal vulnerability that could allow access to local files...

7.5CVSS6.5AI score0.88849EPSS
Exploits44
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/06 12:0 a.m.•15 views

Oracle E-Business Suite Unspecified Vulnerability

Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent...

9.8CVSS6.9AI score0.99722EPSS
Exploits15
CISA KEV Catalog
CISA KEV Catalog
•added 2025/08/18 12:0 a.m.•15 views

Trend Micro Apex One OS Command Injection Vulnerability

Trend Micro Apex One Management Console on-premise contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations...

9.8CVSS8.3AI score0.2079EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/07/02 12:0 a.m.•15 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Ope...

8.1CVSS7AI score0.06564EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/01 12:0 a.m.•15 views

SonicWall SMA100 Appliances OS Command Injection Vulnerability

SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user...

7.2CVSS7.4AI score0.74933EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/04/28 12:0 a.m.•15 views

Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability

Qualitia Active! Mail contains a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attacker to execute arbitrary or trigger a denial-of-service via a specially crafted request...

9.8CVSS8AI score0.03084EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/06 12:0 a.m.•15 views

CyberoamOS (CROS) SQL Injection Vulnerability

CyberoamOS CROS contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely...

9.8CVSS8.5AI score0.04729EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/04 12:0 a.m.•15 views

Paessler PRTG Network Monitor Local File Inclusion Vulnerability

Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges including administrator...

9.8CVSS6.8AI score0.8646EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/04 12:0 a.m.•15 views

Apache OFBiz Forced Browsing Vulnerability

Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access...

9.8CVSS6.9AI score0.99983EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/01/13 12:0 a.m.•15 views

Qlik Sense HTTP Tunneling Vulnerability

Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software...

9.9CVSS7.4AI score0.24676EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/06/29 12:0 a.m.•15 views

Samsung Mobile Devices Improper Input Validation Vulnerability

Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic...

5.5CVSS6.8AI score0.00499EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•15 views

Adobe Flash Player Dereferenced Pointer Vulnerability

Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution...

10CVSS6.5AI score0.20008EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•15 views

Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability

Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code...

9.3CVSS8.1AI score0.96632EPSS
Exploits14
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•15 views

Adobe Flash Player Type Confusion Vulnerability

Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution...

8.8CVSS3.4AI score0.12104EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/28 12:0 a.m.•15 views

Apple Memory Corruption Vulnerability

Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges...

10CVSS9.1AI score0.11638EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•15 views

EyesOfNetwork Use of Hard-Coded Credentials Vulnerability

EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token...

9.8CVSS8.9AI score0.91874EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•15 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...

8.8CVSS8.8AI score0.08928EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•15 views

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user...

7.6CVSS8.1AI score0.72626EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•15 views

Microsoft Windows Scripting Engine Memory Corruption Vulnerability

Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption...

9.3CVSS8.5AI score0.3067EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•15 views

Google Chromium V8 Use-After-Free Vulnerability

Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...

8.8CVSS8.8AI score0.34887EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/15 12:0 a.m.•14 views

LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability

LiteSpeed cPanel plugin contains a UNIX symbolic link Symlink following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS...

8.5CVSS5.3AI score0.01261EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/21 12:0 a.m.•14 views

Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability

Trend Micro Apex One on-premise contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations...

6.7CVSS5.9AI score0.12682EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/08 12:0 a.m.•14 views

BerriAI LiteLLM SQL Injection Vulnerability

BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized access to the proxy and the credentials it manages...

9.8CVSS6.1AI score0.86607EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/13 12:0 a.m.•14 views

Adobe Acrobat and Reader Prototype Pollution Vulnerability

Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution...

8.6CVSS6AI score0.07086EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/25 12:0 a.m.•14 views

Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability

Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system...

10CVSS5.8AI score0.57793EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/13 12:0 a.m.•14 views

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability

BeyondTrust Remote Support RS and Privileged Remote Access PRAcontain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no...

9.9CVSS6.2AI score0.88115EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/12 12:0 a.m.•14 views

SolarWinds Web Help Desk Security Control Bypass Vulnerability

SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality...

9.8CVSS5.5AI score0.81624EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/10 12:0 a.m.•14 views

Microsoft Windows Shell Protection Mechanism Failure Vulnerability

Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network...

8.8CVSS5.5AI score0.25835EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2025/11/04 12:0 a.m.•14 views

CWP Control Web Panel OS Command Injection Vulnerability

CWP Control Web Panel formerly CentOS Web Panel contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the ttotal parameter in a filemanager changePerm request. A valid non-root username must be known...

9CVSS8.2AI score0.99589EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/24 12:0 a.m.•14 views

Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability

Microsoft Windows Server Update Service WSUS contains a deserialization of untrusted data vulnerability that allows for remote code execution...

9.8CVSS9.8AI score0.99962EPSS
Exploits24
CISA KEV Catalog
CISA KEV Catalog
•added 2025/07/01 12:0 a.m.•14 views

TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability

TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI...

5.3CVSS7.2AI score0.08489EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/07/01 12:0 a.m.•14 views

TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability

TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dum...

4CVSS7.3AI score0.00366EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/09 12:0 a.m.•14 views

RoundCube Webmail Cross-Site Scripting Vulnerability

RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in messagebody in program/actions/mail/show.php...

9.3CVSS8.7AI score0.84446EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/02 12:0 a.m.•14 views

ConnectWise ScreenConnect Improper Authentication Vulnerability

ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised...

8.1CVSS9.7AI score0.03361EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/02 12:0 a.m.•14 views

Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability

Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 ...

6.9CVSS7.5AI score0.01174EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/11/12 12:0 a.m.•14 views

Metabase GeoJSON API Local File Inclusion Vulnerability

Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data...

10CVSS6.5AI score0.97178EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2023/07/11 12:0 a.m.•14 views

Netwrix Auditor Insecure Object Deserialization Vulnerability

Netwrix Auditor User Activity Video Recording component contains an insecure objection deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM user. Successful exploitation requires that the attacker is able to reach port 9004/TCP,...

9.8CVSS9.2AI score0.36009EPSS
Exploits1
Total number of security vulnerabilities1652