Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/02 12:0 a.m.•14 views

Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability

Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 ...

6.9CVSS7.5AI score0.01174EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/11/12 12:0 a.m.•14 views

Metabase GeoJSON API Local File Inclusion Vulnerability

Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data...

10CVSS6.5AI score0.97178EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2023/07/11 12:0 a.m.•14 views

Netwrix Auditor Insecure Object Deserialization Vulnerability

Netwrix Auditor User Activity Video Recording component contains an insecure objection deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM user. Successful exploitation requires that the attacker is able to reach port 9004/TCP,...

9.8CVSS9.2AI score0.36009EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•14 views

October CMS Improper Authentication

In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request...

9.1CVSS6.2AI score0.90418EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•14 views

Apache Airflow's Experimental API Authentication Bypass

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication...

9.8CVSS3.3AI score0.9967EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•14 views

Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability

Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting XSS when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple...

6.1CVSS6.2AI score0.07082EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•14 views

Accellion FTA OS Command Injection Vulnerability

Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints...

10CVSS9.2AI score0.56411EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•14 views

Mozilla Firefox And Thunderbird Use-After-Free Vulnerability

Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts...

8.1CVSS8AI score0.06305EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 4 days ago•13 views

Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability

Microsoft SharePoint contains a missing authentication for critical function vulnerability that allows an unauthorized attacker to elevate privileges over a network...

9.8CVSS6.2AI score0.05601EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/07/10 12:0 a.m.•13 views

Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability

Balbooa Forms contains an unrestricted upload of file with dangerous type vulnerability that allows an unauthenticated arbitrary file upload which could allow uploading of executable files leading to full RCE...

10CVSS6.2AI score0.00836EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2026/07/01 12:0 a.m.•13 views

Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability

Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network...

8.8CVSS7.7AI score0.03219EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/25 12:0 a.m.•13 views

PTC Windchill and FlexPLM Improper Input Validation Vulnerability

PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network...

9.8CVSS6.3AI score0.01247EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/01 12:0 a.m.•13 views

Oracle WebLogic Server Unspecified Vulnerability

Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle...

7.5CVSS7.2AI score0.49689EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/20 12:0 a.m.•13 views

Microsoft DirectX NULL Byte Overwrite Vulnerability

Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file...

9.3CVSS6.2AI score0.51207EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/23 12:0 a.m.•13 views

Marimo Remote Code Execution Vulnerability

Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands...

9.8CVSS8.2AI score0.95645EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/20 12:0 a.m.•13 views

PaperCut NG/MF Improper Authentication Vulnerability

PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class...

8.2CVSS7.5AI score0.77388EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/20 12:0 a.m.•13 views

Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...

6.1CVSS5.9AI score0.01761EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/14 12:0 a.m.•13 views

Microsoft SharePoint Server Improper Input Validation Vulnerability

Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS5.8AI score0.22808EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/19 12:0 a.m.•13 views

Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability

Cisco Secure Firewall Management Center FMC Software and Cisco Security Cloud Control SCC Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root...

10CVSS6.5AI score0.27551EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/03 12:0 a.m.•13 views

Broadcom VMware Aria Operations Command Injection Vulnerability

Broadcom VMware Aria Operations formerly known as vRealize Operations vROps contains a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands, potentially leading to remote code execution during support‑assisted product migration...

8.1CVSS6.7AI score0.17424EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/12 12:0 a.m.•13 views

Notepad++ Download of Code Without Integrity Check Vulnerability

Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges...

7.7CVSS6.4AI score0.01268EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/12/17 12:0 a.m.•13 views

SonicWall SMA1000 Missing Authorization Vulnerability

SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console AMC of affected devices...

6.6CVSS7AI score0.01944EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/12/11 12:0 a.m.•13 views

OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability

OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation GetMap and could allow an attacker to define external entities within the XML request...

9.8CVSS6.8AI score0.67357EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2025/12/08 12:0 a.m.•13 views

D-Link Routers Buffer Overflow Vulnerability

D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

9.8CVSS7.5AI score0.57037EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/12/03 12:0 a.m.•13 views

OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability

OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files via viewedit.shtm...

8.8CVSS7.5AI score0.39096EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/14 12:0 a.m.•13 views

Rapid7 Velociraptor Incorrect Default Permissions Vulnerability

Rapid7 Velociraptor contains an incorrect default permissions vulnerability that can lead to arbitrary command execution and endpoint takeover. To successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint...

5.5CVSS7.3AI score
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/09/29 12:0 a.m.•13 views

Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability

Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow local attacker to leverage sudo’s -R --chroot option to run arbitrary commands as root, even if they are not listed in the sudoers file...

9.3CVSS6.8AI score0.47467EPSS
Exploits70
CISA KEV Catalog
CISA KEV Catalog
•added 2025/09/29 12:0 a.m.•13 views

Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability

Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection...

10CVSS7.3AI score0.99614EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2025/09/04 12:0 a.m.•13 views

Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability

Linux kernel contains a time-of-check time-of-use TOCTOU race condition vulnerability that has a high impact on confidentiality, integrity, and availability...

7.4CVSS6.9AI score0.01345EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2025/09/04 12:0 a.m.•13 views

Android Runtime Use-After-Free Vulnerability

Android Runtime contains a use-after-free vulnerability potentially allowing a chrome sandbox escape leading to local privilege escalation...

8.8CVSS7AI score0.00545EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/09/04 12:0 a.m.•13 views

Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability

Sitecore Experience Manager XM, Experience Platform XP, Experience Commerce XC, and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code executio...

9CVSS8.1AI score0.30809EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/03 12:0 a.m.•13 views

Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability

Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands...

8.6CVSS8.9AI score0.00778EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2025/04/28 12:0 a.m.•13 views

Commvault Web Server Unspecified Vulnerability

Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells...

8.8CVSS8.6AI score0.01997EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/04/17 12:0 a.m.•13 views

Apple Multiple Products Arbitrary Read and Write Vulnerability

Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication...

9.8CVSS6.7AI score0.12763EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/06 12:0 a.m.•13 views

Dante Discovery Process Control Vulnerability

Dante Discovery contains a process control vulnerability in mDNSResponder.exe that all allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the Dante Application Library to execute arbitrary code...

7.8CVSS7.3AI score0.09092EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/12/23 12:0 a.m.•13 views

Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability

Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be obtained via a separate vulnerability or other channel...

8.1CVSS8.1AI score0.17578EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•13 views

Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability

A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attacker to execute code with root privileges...

9CVSS7.2AI score0.05979EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•13 views

IBM InfoSphere BigInsights Invalid Input Vulnerability

Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data...

6.5CVSS5.1AI score0.05236EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•13 views

Trend Micro Multiple Products Content Validation Escape Vulnerability

Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components...

8.8CVSS8.3AI score0.05754EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 1970/01/01 12:0 a.m.•13 views

?

?...

7.2AI score
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/07/07 12:0 a.m.•12 views

JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability

JoomShaper SP Page Builder contains an unrestricted upload of file with dangerous type vulnerability that allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...

10CVSS6.2AI score0.01569EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/29 12:0 a.m.•12 views

SimpleHelp Authentication Bypass Vulnerability

SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacke...

10CVSS5.9AI score0.0116EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/25 12:0 a.m.•12 views

Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability

Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME contain a server-side request forgery SSRF Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that...

8.6CVSS5.9AI score0.41694EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/11 12:0 a.m.•12 views

Ivanti Sentry OS Command Injection Vulnerability

Ivanti Sentry formerly known as MobileIron Sentry contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged sta...

10CVSS6.3AI score0.99041EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/08 12:0 a.m.•12 views

Check Point Security Gateway Improper Authentication Vulnerability

Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password...

9.3CVSS5.9AI score0.70099EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/08 12:0 a.m.•12 views

BerriAI LiteLLM Command Injection Vulnerability

BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host...

8.8CVSS5.7AI score0.80188EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/07 12:0 a.m.•12 views

Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability

Ivanti Endpoint Manager Mobile EPMM contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution...

7.2CVSS6.2AI score0.34454EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/16 12:0 a.m.•12 views

Apache ActiveMQ Improper Input Validation Vulnerability

Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection...

8.8CVSS7.3AI score0.96666EPSS
Exploits14
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/13 12:0 a.m.•12 views

Microsoft Windows Out-of-Bounds Read Vulnerability

Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation...

7.8CVSS5.8AI score0.12184EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/30 12:0 a.m.•12 views

Citrix NetScaler Out-of-Bounds Read Vulnerability

Citrix NetScaler ADC formerly Citrix ADC, NetScaler Gateway formerly Citrix Gateway and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnerability when configured as a SAML IDP leading to memory overread...

9.8CVSS7.4AI score0.83996EPSS
Exploits7
Total number of security vulnerabilities1652