Lucene search
K
Cisa KevMost viewed

1649 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2024/08/07 12:0 a.m.•87 views

Android Kernel Remote Code Execution Vulnerability

Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, including but not limited to Android OS...

7.8CVSS7.6AI score0.02701EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/02/09 12:0 a.m.•87 views

Fortinet FortiOS Out-of-Bound Write Vulnerability

Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests...

9.8CVSS8.1AI score0.83428EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2024/07/23 12:0 a.m.•86 views

Microsoft Internet Explorer Use-After-Free Vulnerability

Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that 1 was not properly allocated or 2 is deleted, as demonstrated by a CDwnBindInfo object...

9.3CVSS7.8AI score0.78823EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2024/04/24 12:0 a.m.•85 views

CrushFTP VFS Sandbox Escape Vulnerability

CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system VFS...

10CVSS7.3AI score0.99539EPSS
Exploits22
CISA KEV Catalog
CISA KEV Catalog
•added 2023/07/11 12:0 a.m.•85 views

Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability

Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7AI score0.11867EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/09/08 12:0 a.m.•85 views

MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability

In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system...

10CVSS7.2AI score0.61018EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/25 12:0 a.m.•84 views

Microsoft Partner Center Improper Access Control Vulnerability

Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges...

9.8CVSS7.3AI score0.01339EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/05/22 12:0 a.m.•84 views

Apple Multiple Products WebKit Sandbox Escape Vulnerability

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products...

8.6CVSS8.4AI score0.1653EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/25 12:0 a.m.•84 views

WSO2 Multiple Products Unrestrictive Upload of File Vulnerability

Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution...

10CVSS3.5AI score0.99999EPSS
Exploits22
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/07 12:0 a.m.•84 views

Mozilla Firefox Use-After-Free Vulnerability

Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution...

8.8CVSS3.2AI score0.14261EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2023/05/09 12:0 a.m.•83 views

Microsoft Win32K Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges...

7.8CVSS7.2AI score0.40919EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•83 views

Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted 1 document or 2 web page that triggers system-state corruption...

9.3CVSS8.3AI score0.72119EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/13 12:0 a.m.•82 views

Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability

Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and...

10CVSS6.8AI score0.0424EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2024/10/08 12:0 a.m.•82 views

Qualcomm Multiple Chipsets Use-After-Free Vulnerability

Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory...

7.8CVSS7.3AI score0.00674EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/08/13 12:0 a.m.•82 views

Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability

Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges...

7.8CVSS6.7AI score0.01635EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/07/26 12:0 a.m.•82 views

Apple Multiple Products Kernel Unspecified Vulnerability

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state...

5.5CVSS7.1AI score0.01002EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2023/07/11 12:0 a.m.•82 views

Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability

Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7AI score0.42602EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2023/04/11 12:0 a.m.•82 views

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability

Microsoft Windows Common Log File System CLFS driver contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS8.4AI score0.48973EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•82 views

Symantec Messaging Gateway Remote Code Execution Vulnerability

Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions...

8.8CVSS8.9AI score0.35341EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2025/01/14 12:0 a.m.•81 views

Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability

Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a local attacker to gain SYSTEM privileges...

7.8CVSS7.1AI score0.09798EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2024/09/30 12:0 a.m.•81 views

SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability

SAP Commerce Cloud formerly known as Hybris contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection...

9.8CVSS7.5AI score0.07079EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/05/22 12:0 a.m.•81 views

Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari a...

6.5CVSS7AI score0.14292EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/09/08 12:0 a.m.•81 views

Google Chromium Mojo Insufficient Data Validation Vulnerability

Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium,...

9.6CVSS9.2AI score0.0568EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•81 views

Ruby on Rails Directory Traversal Vulnerability

Directory traversal vulnerability in actionpack/lib/abstractcontroller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request...

7.5CVSS6.3AI score0.53703EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/07 12:0 a.m.•81 views

Mozilla Firefox Use-After-Free Vulnerability

Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution...

9.6CVSS3AI score0.02349EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/10/08 12:0 a.m.•80 views

Microsoft Windows Management Console Remote Code Execution Vulnerability

Microsoft Windows Management Console contains unspecified vulnerability that allows for remote code execution...

7.8CVSS7.8AI score0.66571EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/04 12:0 a.m.•80 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS6.4AI score0.87042EPSS
Exploits22
CISA KEV Catalog
CISA KEV Catalog
•added 2024/06/12 12:0 a.m.•79 views

PHP-CGI OS Command Injection Vulnerability

PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823...

9.8CVSS8.5AI score0.99998EPSS
Exploits101
CISA KEV Catalog
CISA KEV Catalog
•added 2023/05/12 12:0 a.m.•79 views

Oracle Java SE and JRockit Unspecified Vulnerability

Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions JMX. This vulnerability can be exploited through sandboxed Java Web Start applications and sandbox...

10CVSS8.4AI score0.92334EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/04/23 12:0 a.m.•78 views

Microsoft Windows Print Spooler Privilege Escalation Vulnerability

Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions...

7.8CVSS8.4AI score0.14949EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•78 views

Microsoft Edge and Internet Explorer Type Confusion Vulnerability

Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution...

8.1CVSS3.1AI score0.80386EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/02 12:0 a.m.•77 views

Yiiframework Yii Improper Protection of Alternate Path Vulnerability

Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execute arbitrary code. This vulnerability could affect other products that implement Yii, including—but not limited to—Craft CMS, as represented by CVE-2025-32432...

10CVSS7.6AI score0.99803EPSS
Exploits15
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/07 12:0 a.m.•77 views

Apache Spark Command Injection Vulnerability

Apache Spark contains a command injection vulnerability via Spark User Interface UI when Access Control Lists ACLs are enabled...

8.8CVSS3.3AI score0.92984EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/11 12:0 a.m.•77 views

Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code...

9.8CVSS6.7AI score0.83476EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/10 12:0 a.m.•77 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory...

7.8CVSS2.8AI score0.10034EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2023/09/18 12:0 a.m.•76 views

Zyxel EMG2926 Routers Command Injection Vulnerability

Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the pingip parameter to the expert/maintenance/diagnostic/nslooku...

9CVSS7.9AI score0.37634EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•76 views

Oracle VirtualBox Insufficient Input Validation Vulnerability

An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code...

8.8CVSS6.3AI score0.06932EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/14 12:0 a.m.•75 views

Microsoft Office Outlook Privilege Escalation Vulnerability

Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user...

9.8CVSS8.9AI score0.97408EPSS
Exploits18
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•75 views

Ruby on Rails Directory Traversal Vulnerability

Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files...

7.5CVSS5AI score0.95537EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•75 views

Microsoft WinVerifyTrust function Remote Code Execution

A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files...

8.8CVSS3.5AI score0.44647EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•75 views

Primetek Primefaces Remote Code Execution Vulnerability

Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution...

9.8CVSS4.4AI score0.94104EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•75 views

ThinkPHP Remote Code Execution Vulnerability

ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command...

9.3CVSS9.4AI score0.97419EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2024/08/26 12:0 a.m.•74 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

9.6CVSS6.8AI score0.19272EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2023/10/05 12:0 a.m.•74 views

Atlassian Confluence Data Center and Server Broken Access Control Vulnerability

Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence...

10CVSS6.2AI score0.99156EPSS
Exploits39
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/11 12:0 a.m.•73 views

Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability

Microsoft Windows Management Console MMC contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally...

7CVSS7.4AI score0.31894EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2023/06/23 12:0 a.m.•73 views

Apple Multiple Products WebKit Type Confusion Vulnerability

Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rel...

8.8CVSS8.6AI score0.23788EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/10/08 12:0 a.m.•72 views

Microsoft Windows MSHTML Platform Spoofing Vulnerability

Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability which can lead to a loss of confidentiality...

8.1CVSS6.8AI score0.43679EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/25 12:0 a.m.•72 views

WebRTC Heap Buffer Overflow Vulnerability

WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome...

8.8CVSS8.8AI score0.70461EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/10 12:0 a.m.•72 views

Microsoft SMBv3 Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 SMBv3 protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client...

10CVSS3.2AI score0.9981EPSS
Exploits125
CISA KEV Catalog
CISA KEV Catalog
•added 2024/01/22 12:0 a.m.•71 views

VMware vCenter Server Out-of-Bounds Write Vulnerability

VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution...

9.8CVSS8.1AI score0.99428EPSS
Exploits1
Total number of security vulnerabilities1649