Lucene search
K
Cisa KevMost viewed

1642 matches found

cisa_kev
cisa_kev
•added 2025/12/15 12:0 a.m.•10 views

Apple Multiple Products Use-After-Free WebKit Vulnerability

Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple...

8.8CVSS6.5AI score0.08439EPSS
Exploits8
cisa_kev
cisa_kev
•added 2025/12/08 12:0 a.m.•10 views

Array Networks ArrayOS AG OS Command Injection Vulnerability

Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands...

9.8CVSS8.1AI score0.031EPSS
Exploits0
cisa_kev
cisa_kev
•added 2025/11/10 12:0 a.m.•10 views

Samsung Mobile Devices Out-of-Bounds Write Vulnerability

Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code...

9.8CVSS7.7AI score0.11606EPSS
Exploits1
cisa_kev
cisa_kev
•added 2025/10/06 12:0 a.m.•10 views

Microsoft Windows Privilege Escalation Vulnerability

Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms...

7.8CVSS6.9AI score0.03072EPSS
Exploits1
cisa_kev
cisa_kev
•added 2025/10/06 12:0 a.m.•10 views

Microsoft Windows Out-of-Bounds Write Vulnerability

Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code...

9.3CVSS7.7AI score0.73872EPSS
Exploits3
cisa_kev
cisa_kev
•added 2025/09/29 12:0 a.m.•10 views

Libraesva Email Security Gateway Command Injection Vulnerability

Libraesva Email Security Gateway ESG contains a command injection vulnerability which allows command injection via a compressed e-mail attachment...

6.1CVSS7.6AI score0.01929EPSS
Exploits0
cisa_kev
cisa_kev
•added 2025/07/07 12:0 a.m.•10 views

Rails Ruby on Rails Path Traversal Vulnerability

Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing the file contents...

7.5CVSS7.2AI score0.98507EPSS
Exploits18
cisa_kev
cisa_kev
•added 2025/07/07 12:0 a.m.•10 views

Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability

Multi-Router Looking Glass MRLG contains a buffer overflow vulnerability that could allow remote attackers to cause an arbitrary memory write and memory corruption...

9.8CVSS8AI score0.26572EPSS
Exploits1
cisa_kev
cisa_kev
•added 2025/06/02 12:0 a.m.•10 views

Craft CMS Code Injection Vulnerability

Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has registerargcargv enabled...

9.8CVSS10AI score0.97446EPSS
Exploits9
cisa_kev
cisa_kev
•added 2021/11/03 12:0 a.m.•10 views

SaltStack Salt Shell Injection Vulnerability

SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API...

9.8CVSS9.1AI score0.99585EPSS
Exploits5
cisa_kev
cisa_kev
•added 2021/11/03 12:0 a.m.•10 views

Unraid Authentication Bypass Vulnerability

Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution...

10CVSS9.5AI score0.95844EPSS
Exploits8
cisa_kev
cisa_kev
•added 2021/11/03 12:0 a.m.•10 views

EyesOfNetwork Improper Privilege Management Vulnerability

EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine NSE script to nmap7...

9.3CVSS7.3AI score0.58076EPSS
Exploits9
cisa_kev
cisa_kev
•added 2021/11/03 12:0 a.m.•10 views

Trend Micro OfficeScan Directory Traversal Vulnerability

Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution...

8.8CVSS7.8AI score0.25125EPSS
Exploits0
cisa_kev
cisa_kev
•added 2021/11/03 12:0 a.m.•10 views

Trend Micro Multiple Products Improper Access Control Vulnerability

Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain privileg...

7.8CVSS7.2AI score0.02639EPSS
Exploits0
cisa_kev
cisa_kev
•added 2026/06/23 12:0 a.m.•9 views

Lantronix EDS5000 Code Injection Vulnerability

Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges...

9.8CVSS6.3AI score0.00889EPSS
Exploits1
cisa_kev
cisa_kev
•added 2026/05/22 12:0 a.m.•9 views

Drupal Core SQL Injection Vulnerability

Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API...

9.8CVSS6.7AI score0.84631EPSS
Exploits14
cisa_kev
cisa_kev
•added 2026/05/20 12:0 a.m.•9 views

Microsoft Internet Explorer Use-After-Free Vulnerability

Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users shoul...

9.3CVSS6.2AI score0.82172EPSS
Exploits15
cisa_kev
cisa_kev
•added 2026/04/24 12:0 a.m.•9 views

SimpleHelp Path Traversal Vulnerability

SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file i.e. zip slip. This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user...

7.2CVSS9.1AI score0.07549EPSS
Exploits0
cisa_kev
cisa_kev
•added 2026/04/08 12:0 a.m.•9 views

Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

Ivanti Endpoint Manager Mobile EPMM contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution...

9.8CVSS7.6AI score0.8404EPSS
Exploits6
cisa_kev
cisa_kev
•added 2026/03/09 12:0 a.m.•9 views

Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability

Ivanti Endpoint Manager EPM contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data...

8.6CVSS5.8AI score0.8056EPSS
Exploits0
cisa_kev
cisa_kev
•added 2026/02/05 12:0 a.m.•9 views

SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability

SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead to command execution...

9.8CVSS5.6AI score0.87693EPSS
Exploits0
cisa_kev
cisa_kev
•added 2026/02/03 12:0 a.m.•9 views

Sangoma FreePBX OS Command Injection Vulnerability

Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known user via the testconnection - checksshconnect function. An attacker can leverage this vulnerability to potentially obtain remote...

8.6CVSS5.7AI score0.84618EPSS
Exploits4
cisa_kev
cisa_kev
•added 2026/01/12 12:0 a.m.•9 views

Gogs Path Traversal Vulnerability

Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution...

8.8CVSS7.5AI score0.7654EPSS
Exploits16
cisa_kev
cisa_kev
•added 2025/12/09 12:0 a.m.•9 views

RARLAB WinRAR Path Traversal Vulnerability

RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user...

7.8CVSS7.3AI score0.86192EPSS
Exploits8
cisa_kev
cisa_kev
•added 2025/11/21 12:0 a.m.•9 views

Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability

Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager...

9.8CVSS7.1AI score0.88312EPSS
Exploits1
cisa_kev
cisa_kev
•added 2025/10/20 12:0 a.m.•9 views

Apple Multiple Products Unspecified Vulnerability

Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

8.8CVSS8.8AI score0.03213EPSS
Exploits0
cisa_kev
cisa_kev
•added 2025/10/20 12:0 a.m.•9 views

Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability

Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects...

9.8CVSS6.9AI score0.92161EPSS
Exploits1
cisa_kev
cisa_kev
•added 2025/10/20 12:0 a.m.•9 views

Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability

Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects...

9.8CVSS6.9AI score0.58431EPSS
Exploits1
cisa_kev
cisa_kev
•added 2025/10/06 12:0 a.m.•9 views

Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability

Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

9.3CVSS8.1AI score0.96889EPSS
Exploits14
cisa_kev
cisa_kev
•added 2025/10/02 12:0 a.m.•9 views

Samsung Mobile Devices Out-of-Bounds Write Vulnerability

Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code...

9.8CVSS7.8AI score0.01435EPSS
Exploits3
cisa_kev
cisa_kev
•added 2025/08/12 12:0 a.m.•9 views

Microsoft Internet Explorer Resource Management Errors Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

9.3CVSS8.2AI score0.8593EPSS
Exploits18
cisa_kev
cisa_kev
•added 2025/08/05 12:0 a.m.•9 views

D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability

D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

7.5CVSS7.6AI score0.97901EPSS
Exploits4
cisa_kev
cisa_kev
•added 2025/07/22 12:0 a.m.•9 views

SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability

SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives...

9.3CVSS9.5AI score0.5461EPSS
Exploits1
cisa_kev
cisa_kev
•added 2025/07/07 12:0 a.m.•9 views

Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains a server-side request forgery SSRF vulnerability via the ProxyServlet component...

7.5CVSS7.3AI score0.80906EPSS
Exploits10
cisa_kev
cisa_kev
•added 2025/06/03 12:0 a.m.•9 views

Qualcomm Multiple Chipsets Use-After-Free Vulnerability

Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome...

7.5CVSS8AI score0.00831EPSS
Exploits0
cisa_kev
cisa_kev
•added 2025/02/06 12:0 a.m.•9 views

Sophos XG Firewall Buffer Overflow Vulnerability

Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature...

9.8CVSS8.5AI score0.10674EPSS
Exploits0
cisa_kev
cisa_kev
•added 3 days ago•8 views

Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability

Balbooa Forms contains an unrestricted upload of file with dangerous type vulnerability that allows an unauthenticated arbitrary file upload which could allow uploading of executable files leading to full RCE...

10CVSS6.2AI score0.00836EPSS
Exploits3
cisa_kev
cisa_kev
•added 2026/06/23 12:0 a.m.•8 views

Ubiquiti UniFi OS Path Traversal Vulnerability

Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account...

10CVSS5.9AI score0.02269EPSS
Exploits2
cisa_kev
cisa_kev
•added 2026/06/23 12:0 a.m.•8 views

Ubiquiti UniFi OS Improper Input Validation Vulnerability

Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection...

10CVSS5.9AI score0.78555EPSS
Exploits2
cisa_kev
cisa_kev
•added 2026/06/15 12:0 a.m.•8 views

Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability

Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system...

6.5CVSS5.4AI score0.07683EPSS
Exploits2
cisa_kev
cisa_kev
•added 2026/05/20 12:0 a.m.•8 views

Microsoft Defender Link Following Vulnerability

Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.08371EPSS
Exploits2
cisa_kev
cisa_kev
•added 2026/04/28 12:0 a.m.•8 views

Microsoft Windows Protection Mechanism Failure Vulnerability

Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS5.5AI score0.64095EPSS
Exploits3
cisa_kev
cisa_kev
•added 2026/04/24 12:0 a.m.•8 views

SimpleHelp Missing Authorization Vulnerability

SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role...

9.9CVSS8.7AI score0.09328EPSS
Exploits0
cisa_kev
cisa_kev
•added 2026/04/20 12:0 a.m.•8 views

Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability

Quest KACE Systems Management Appliance SMA contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials...

10CVSS6AI score0.02417EPSS
Exploits0
cisa_kev
cisa_kev
•added 2026/04/13 12:0 a.m.•8 views

Microsoft Windows Link Following Vulnerability

Microsoft Windows contains a link following vulnerability that allows for privilege escalation...

7.8CVSS5.8AI score0.04666EPSS
Exploits0
cisa_kev
cisa_kev
•added 2026/04/13 12:0 a.m.•8 views

Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability

Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution...

8.8CVSS6.1AI score0.62104EPSS
Exploits0
cisa_kev
cisa_kev
•added 2026/03/20 12:0 a.m.•8 views

Apple Multiple Products Buffer Overflow Vulnerability

Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption...

8.8CVSS6.1AI score0.01481EPSS
Exploits2
cisa_kev
cisa_kev
•added 2026/03/20 12:0 a.m.•8 views

Craft CMS Code Injection Vulnerability

Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code...

10CVSS6.2AI score0.99803EPSS
Exploits14
cisa_kev
cisa_kev
•added 2026/03/09 12:0 a.m.•8 views

Omnissa Workspace ONE Server-Side Request Forgery

Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery SSRF vulnerability that could allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information...

7.5CVSS5.8AI score0.97713EPSS
Exploits1
cisa_kev
cisa_kev
•added 2026/02/20 12:0 a.m.•8 views

RoundCube Webmail Cross-site Scripting Vulnerability

RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document...

7.2CVSS5.1AI score0.19769EPSS
Exploits1
Total number of security vulnerabilities1642