Lucene search
K
Cisa KevMost viewed

1649 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/20 12:0 a.m.•8 views

Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability

Quest KACE Systems Management Appliance SMA contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials...

10CVSS6AI score0.02417EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/13 12:0 a.m.•8 views

Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability

Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution...

8.8CVSS6.1AI score0.62104EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/13 12:0 a.m.•8 views

Microsoft Windows Link Following Vulnerability

Microsoft Windows contains a link following vulnerability that allows for privilege escalation...

7.8CVSS5.8AI score0.04666EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/20 12:0 a.m.•8 views

Craft CMS Code Injection Vulnerability

Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code...

10CVSS6.2AI score0.99803EPSS
Exploits14
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/20 12:0 a.m.•8 views

Apple Multiple Products Buffer Overflow Vulnerability

Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption...

8.8CVSS6.1AI score0.01481EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/09 12:0 a.m.•8 views

Omnissa Workspace ONE Server-Side Request Forgery

Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery SSRF vulnerability that could allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information...

7.5CVSS5.8AI score0.97713EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/20 12:0 a.m.•8 views

RoundCube Webmail Cross-site Scripting Vulnerability

RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document...

7.2CVSS5.1AI score0.19769EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/17 12:0 a.m.•8 views

Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP is enabled...

9.8CVSS8.7AI score0.85416EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/17 12:0 a.m.•8 views

TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability

TeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulnerability. ThreatSonar Anti-Ransomware does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files,...

7.2CVSS6AI score0.01807EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/01/26 12:0 a.m.•8 views

GNU InetUtils Argument Injection Vulnerability

GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable...

9.8CVSS6.1AI score0.98871EPSS
Exploits62
CISA KEV Catalog
CISA KEV Catalog
•added 2025/11/12 12:0 a.m.•8 views

WatchGuard Firebox Out-of-Bounds Write Vulnerability

WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code...

9.8CVSS7.9AI score0.8637EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2025/11/12 12:0 a.m.•8 views

Gladinet Triofox Improper Access Control Vulnerability

Gladinet Triofox contains an improper access control vulnerability that allows access to initial setup pages even after setup is complete...

9.1CVSS6.9AI score0.90532EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/11/04 12:0 a.m.•8 views

Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability

Gladinet CentreStack and Triofox contains a files or directories accessible to external parties vulnerability that allows unintended disclosure of system files...

7.5CVSS6.8AI score0.92094EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/22 12:0 a.m.•8 views

Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability

Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary code by sending specially crafted packets...

9.8CVSS7.8AI score0.02689EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/02 12:0 a.m.•8 views

Juniper ScreenOS Improper Authentication Vulnerability

Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device...

10CVSS8.1AI score0.614EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2025/09/03 12:0 a.m.•8 views

TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability

TP-Link TL-WR841N contains an authentication bypass by spoofing vulnerability within the httpd service, which listens on TCP port 80 by default, leading to the disclose of stored credentials. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue produc...

6.5CVSS7AI score0.1745EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/08/25 12:0 a.m.•8 views

Citrix Session Recording Improper Privilege Management Vulnerability

Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain...

8CVSS9.1AI score0.01399EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/10 12:0 a.m.•8 views

Advantive VeraCore Unrestricted File Upload Vulnerability

Advantive VeraCore contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload files to unintended folders via upload.apsx...

9.9CVSS7.4AI score0.32514EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added yesterday•7 views

SonicWall SMA1000 Appliances Code Injection Vulnerability

SonicWall SMA1000 Appliances contain a code injection vulnerability which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...

7.2CVSS7.3AI score
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 5 days ago•7 views

iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability

iCagenda contains an unrestricted upload of file with dangerous type vulnerability that allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...

10CVSS6.2AI score0.01505EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/09 12:0 a.m.•7 views

Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability

Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system...

7.8CVSS6.2AI score0.25323EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/21 12:0 a.m.•7 views

Langflow Origin Validation Error Vulnerability

Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh...

9.4CVSS7.8AI score0.7889EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/20 12:0 a.m.•7 views

Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability

Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption...

9.3CVSS6.4AI score0.86583EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/22 12:0 a.m.•7 views

Microsoft Defender Insufficient Granularity of Access Control Vulnerability

Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally...

7.8CVSS5.7AI score0.06749EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/20 12:0 a.m.•7 views

JetBrains TeamCity Relative Path Traversal Vulnerability

JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed...

7.3CVSS7.3AI score0.99991EPSS
Exploits25
CISA KEV Catalog
CISA KEV Catalog
•added 2026/03/05 12:0 a.m.•7 views

Rockwell Multiple Products Insufficient Protected Credentials Vulnerability

Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controllers are communicating with Rockwell Automation design software. If successfully exploited, this...

9.8CVSS5.9AI score0.25455EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/01/26 12:0 a.m.•7 views

Linux Kernel Integer Overflow Vulnerability

Linux Kernel contains an integer overflow vulnerability in the createelftables function which could allow an unprivileged local user with access to SUID or otherwise privileged binary to escalate their privileges on the system...

7.8CVSS7.3AI score0.14806EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2025/12/22 12:0 a.m.•7 views

Digiever DS-2105 Pro Missing Authorization Vulnerability

Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via timetzsetup.cgi...

8.8CVSS8.2AI score0.96979EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/28 12:0 a.m.•7 views

Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability

Dassault Systèmes DELMIA Apriso contains a missing authorization vulnerability that could allow an attacker to gain privileged access to the application...

9.1CVSS6.9AI score0.71059EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/28 12:0 a.m.•7 views

Dassault Systèmes DELMIA Apriso Code Injection Vulnerability

Dassault Systèmes DELMIA Apriso contains a code injection vulnerability that could allow an attacker to execute arbitrary code...

8CVSS8AI score0.76148EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/09/02 12:0 a.m.•7 views

TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability

TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker on the same network to submit a TDDPRESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by...

8.8CVSS8.7AI score0.20689EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/06/02 12:0 a.m.•7 views

ASUS RT-AX55 Routers OS Command Injection Vulnerability

ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands. As represented by CVE-2023-41346...

8.8CVSS8.8AI score0.33641EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/20 12:0 a.m.•6 views

Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems...

7.5CVSS6.1AI score0.10245EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/20 12:0 a.m.•6 views

Kentico Xperience Path Traversal Vulnerability

Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations...

7.2CVSS5.9AI score0.03854EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/12/12 12:0 a.m.•6 views

Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability

Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger...

9CVSS7.1AI score0.27851EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2025/12/02 12:0 a.m.•6 views

Android Framework Privilege Escalation Vulnerability

Android Framework contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7AI score0.00232EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/11/28 12:0 a.m.•6 views

OpenPLC ScadaBR Cross-site Scripting Vulnerability

OpenPLC ScadaBR contains a cross-site scripting vulnerability via systemsettings.shtm...

5.4CVSS6.3AI score0.4805EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/20 12:0 a.m.•6 views

Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability

Oracle E-Business Suite contains a server-side request forgery SSRF vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication...

7.5CVSS7AI score0.97788EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/02 12:0 a.m.•6 views

Smartbedded Meteobridge Command Injection Vulnerability

Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges root on affected devices...

8.8CVSS7.9AI score0.94991EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 23 hours ago•5 views

KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability

KNX Association KNX Protocol Connection Authorization Option 1 contains an overly restrictive account lockout mechanism vulnerability that could allow an attacker to purge all devices without additional security options enabled and set a BCU key to lock the device...

7.5CVSS6.1AI score0.00483EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added yesterday•5 views

SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability

SonicWall SMA1000 Appliances contain a server-side request forgery vulnerability that could allow a remote unauthenticated attacker to potentially cause the appliance to make requests to unintended location...

10CVSS7.1AI score
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/23 12:0 a.m.•5 views

Ubiquiti UniFi OS Improper Access Control Vulnerability

Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system...

10CVSS5.9AI score0.02452EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2026/06/12 12:0 a.m.•5 views

Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability

Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools...

9.8CVSS5.3AI score0.9233EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/28 12:0 a.m.•5 views

ConnectWise ScreenConnect Path Traversal Vulnerability

ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems...

8.4CVSS9.3AI score0.87624EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/03 12:0 a.m.•5 views

Sangoma FreePBX Improper Authentication Vulnerability

Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX admin...

9.8CVSS5.4AI score0.36615EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2026/01/26 12:0 a.m.•5 views

SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability

SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator...

9.8CVSS6.1AI score0.96268EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 23 hours ago•4 views

Oracle E-Business Suite Improper Privilege Management Vulnerability

Oracle E-Business Suite contains an improper privilege management vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments...

9.8CVSS6.1AI score0.00677EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2026/07/07 12:0 a.m.•4 views

Langflow Authorization Bypass Through User-Controlled Key Vulnerability

Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request...

8.4CVSS6AI score0.0056EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2026/04/24 12:0 a.m.•3 views

D-Link DIR-823X Command Injection Vulnerability

D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/setprohibiting via the corresponding function. The impacted product could be end-of-life EoL and/or end-of-service EoS...

7.2CVSS8.9AI score0.87239EPSS
Exploits1
Total number of security vulnerabilities1649