Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•13 views

Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability

A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attacker to execute code with root privileges...

9CVSS7.2AI score0.05979EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•13 views

Trend Micro Multiple Products Content Validation Escape Vulnerability

Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components...

8.8CVSS8.3AI score0.05754EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 1970/01/01 12:0 a.m.•13 views

?

?...

7.2AI score
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/07/07 12:0 a.m.•12 views

JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability

JoomShaper SP Page Builder contains an unrestricted upload of file with dangerous type vulnerability that allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...

10CVSS6.2AI score0.01569EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/08 12:0 a.m.•12 views

BerriAI LiteLLM Command Injection Vulnerability

BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host...

8.8CVSS5.7AI score0.80188EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/07 12:0 a.m.•12 views

Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability

Ivanti Endpoint Manager Mobile EPMM contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution...

7.2CVSS6.2AI score0.34454EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/24 12:0 a.m.•12 views

Samsung MagicINFO 9 Server Path Traversal Vulnerability

Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority...

9.8CVSS9.2AI score0.91941EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/13 12:0 a.m.•12 views

Microsoft Windows Out-of-Bounds Read Vulnerability

Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation...

7.8CVSS5.8AI score0.12184EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/25 12:0 a.m.•12 views

Langflow Code Injection Vulnerability

Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication...

9.8CVSS6.1AI score0.98191EPSS
Exploits22
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/09 12:0 a.m.•12 views

SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine...

9.8CVSS5.8AI score0.8833EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/05 12:0 a.m.•12 views

Apple Multiple Products Integer Overflow or Wraparound Vulnerability

Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution...

8.8CVSS6.2AI score0.07617EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/12 12:0 a.m.•12 views

Microsoft Configuration Manager SQL Injection Vulnerability

Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server...

9.8CVSS6AI score0.6111EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2026/01/26 12:0 a.m.•12 views

SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability

SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution...

10CVSS6.3AI score0.85457EPSS
Exploits15
CISA KEV Catalog
CISA KEV Catalog
•added 2026/01/22 12:0 a.m.•12 views

Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory...

8.8CVSS5.8AI score0.31769EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2026/01/22 12:0 a.m.•12 views

Prettier eslint-config-prettier Embedded Malicious Code Vulnerability

Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...

7.5CVSS6.4AI score0.04146EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2025/12/02 12:0 a.m.•12 views

Android Framework Information Disclosure Vulnerability

Android Framework contains an unspecified vulnerability that allows for information disclosure...

5.5CVSS6.7AI score0.00249EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/11/18 12:0 a.m.•12 views

Fortinet FortiWeb OS Command Injection Vulnerability

Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands...

7.2CVSS7.7AI score0.5558EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/20 12:0 a.m.•12 views

Microsoft Windows SMB Client Improper Access Control Vulnerability

Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate...

8.8CVSS9AI score0.64987EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/14 12:0 a.m.•12 views

SKYSEA Client View Improper Authentication Vulnerability

SKYSEA Client View contains an improper authentication vulnerability that allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program...

10CVSS8.2AI score0.1938EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/02 12:0 a.m.•12 views

Jenkins Remote Code Execution Vulnerability

Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blocklist-based protection...

9.8CVSS7.7AI score0.99679EPSS
Exploits36
CISA KEV Catalog
CISA KEV Catalog
•added 2025/09/29 12:0 a.m.•12 views

Adminer Server-Side Request Forgery Vulnerability

Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information...

7.2CVSS6.9AI score0.90072EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/16 12:0 a.m.•12 views

Apple Multiple Products Unspecified Vulnerability

Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link...

4.2CVSS6.6AI score0.01009EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/10 12:0 a.m.•12 views

Wazuh Server Deserialization of Untrusted Data Vulnerability

Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers...

9.9CVSS8.3AI score0.93027EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/03 12:0 a.m.•12 views

Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability

Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands...

8.6CVSS8.9AI score0.00435EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/01/13 12:0 a.m.•12 views

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability

BeyondTrust Privileged Remote Access PRA and Remote Support RS contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to execut...

7.2CVSS7.8AI score0.13788EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•12 views

SonicWall SMA100 Directory Traversal Vulnerability

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server...

7.5CVSS3.3AI score0.03977EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•12 views

Fuel CMS SQL Injection Vulnerability

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items...

9.8CVSS4.5AI score0.90044EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•12 views

McAfee Total Protection (MTP) Improper Privilege Management Vulnerability

McAfee Total Protection MTP contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense...

8.2CVSS7.6AI score0.01026EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 5 days ago•11 views

SonicWall SMA1000 Appliances Code Injection Vulnerability

SonicWall SMA1000 Appliances contain a code injection vulnerability which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...

7.2CVSS7.3AI score0.01486EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/23 12:0 a.m.•11 views

Lantronix EDS5000 Code Injection Vulnerability

Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges...

9.8CVSS6.3AI score0.00889EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/23 12:0 a.m.•11 views

Ubiquiti UniFi OS Path Traversal Vulnerability

Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account...

10CVSS5.9AI score0.02269EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/18 12:0 a.m.•11 views

Splunk Enterprise Missing Authentication for Critical Function Vulnerability

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint...

9.8CVSS5.9AI score0.88171EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/26 12:0 a.m.•11 views

LiteSpeed cPanel Plugin Privilege Escalation Vulnerability

LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with root privileges...

10CVSS6.2AI score0.18914EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/24 12:0 a.m.•11 views

SimpleHelp Path Traversal Vulnerability

SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file i.e. zip slip. This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user...

7.2CVSS9.1AI score0.06982EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/20 12:0 a.m.•11 views

Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability

Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user...

7.5CVSS7.6AI score0.05269EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/13 12:0 a.m.•11 views

Fortinet FortiClient EMS SQL Injection Vulnerability

Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

9.8CVSS7.7AI score0.94085EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/02 12:0 a.m.•11 views

TrueConf Client Download of Code Without Integrity Check Vulnerability

TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the...

7.8CVSS6.6AI score0.0575EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/16 12:0 a.m.•11 views

Wing FTP Server Information Disclosure Vulnerability

Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie...

4.3CVSS7.3AI score0.56366EPSS
Exploits24
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/05 12:0 a.m.•11 views

Apple Multiple products Use-After-Free Vulnerability

Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption...

8.8CVSS5.9AI score0.03955EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/17 12:0 a.m.•11 views

Google Chromium CSS Use-After-Free Vulnerability

Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge,...

8.8CVSS5.9AI score0.2202EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/12 12:0 a.m.•11 views

Apple Multiple Buffer Overflow Vulnerability

Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code...

7.8CVSS6.2AI score0.01319EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/10 12:0 a.m.•11 views

Microsoft Windows Improper Privilege Management Vulnerability

Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally...

7.8CVSS5.5AI score0.03846EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/05 12:0 a.m.•11 views

React Native Community CLI OS Command Injection Vulnerability

React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the Metro Development Server and run arbitrary executables via a vulnerable endpoint exposed by the server. On Windows, attackers can also execute...

9.8CVSS5.8AI score0.62378EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2026/01/22 12:0 a.m.•11 views

Versa Concerto Improper Authentication Vulnerability

Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs...

9.2CVSS5.5AI score0.83479EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/01/21 12:0 a.m.•11 views

Cisco Unified Communications Products Code Injection Vulnerability

Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance contain a code injection...

9.8CVSS5.7AI score0.04307EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/14 12:0 a.m.•11 views

Microsoft Windows Untrusted Pointer Dereference Vulnerability

Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vulnerability could gain administrator privileges...

7.8CVSS7AI score0.06003EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/08/13 12:0 a.m.•11 views

N-able N-Central Command Injection Vulnerability

N-able N-Central contains a command injection vulnerability via improper sanitization of user input...

9.4CVSS7.8AI score0.03092EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/08/13 12:0 a.m.•11 views

N-able N-Central Insecure Deserialization Vulnerability

N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution...

9.4CVSS7.5AI score0.01588EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/08/12 12:0 a.m.•11 views

Microsoft Internet Explorer Resource Management Errors Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

9.3CVSS8.2AI score0.8593EPSS
Exploits18
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/25 12:0 a.m.•11 views

AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability

AMI MegaRAC SPx contains an authentication bypass by spoofing vulnerability in the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability...

10CVSS7.4AI score0.61462EPSS
Exploits0
Total number of security vulnerabilities1652