Lucene search
K
Cisa KevMost viewed

1649 matches found

CISA KEV Catalog
CISA KEV Catalog
added 2023/10/10 12:0 a.m.640 views

HTTP/2 Rapid Reset Attack Vulnerability

HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack DDoS...

7.5CVSS6.9AI score0.99999EPSS
Exploits19
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/03 12:0 a.m.588 views

Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains an unspecified vulnerability in the postjournal service that may allow an unauthenticated user to execute commands...

10CVSS9.5AI score0.99877EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/21 12:0 a.m.373 views

Dahua IP Camera Authentication Bypass Vulnerability

Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication...

10CVSS7.1AI score0.99871EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/23 12:0 a.m.360 views

Versa Director Dangerous File Type Upload Vulnerability

The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” Favorite Icon enables the upload of a...

7.2CVSS6.9AI score0.04006EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/21 12:0 a.m.338 views

Dahua IP Camera Authentication Bypass Vulnerability

Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication...

10CVSS7.1AI score0.99556EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/30 12:0 a.m.313 views

D-Link DIR-820 Router OS Command Injection Vulnerability

D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the pingaddr parameter to ping.ccp...

9.8CVSS7.7AI score0.98053EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2025/05/15 12:0 a.m.303 views

DrayTek Vigor Routers OS Command Injection Vulnerability

DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component web management interface...

9.8CVSS7.8AI score0.98084EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/04/30 12:0 a.m.292 views

Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability

Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web MotW feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file...

8.8CVSS7.3AI score0.45151EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2023/02/16 12:0 a.m.286 views

Cacti Command Injection Vulnerability

Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code...

9.8CVSS3.5AI score0.99826EPSS
Exploits48
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.269 views

Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability

Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request...

10CVSS9.6AI score0.08672EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2023/09/13 12:0 a.m.256 views

Google Chromium WebP Heap-Based Buffer Overflow Vulnerability

Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec...

8.8CVSS7.5AI score0.99735EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/03 12:0 a.m.240 views

Kingsoft WPS Office Path Traversal Vulnerability

Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library...

9.3CVSS6.9AI score0.01773EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/24 12:0 a.m.239 views

Cisco ASA and FTD Denial-of-Service Vulnerability

Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain a missing release of resource after effective lifetime vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service DoS of the RAVPN service...

5.8CVSS7.1AI score0.15953EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2023/04/17 12:0 a.m.210 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...

8.8CVSS8.8AI score0.40798EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2023/10/02 12:0 a.m.207 views

Google Chromium libvpx Heap Buffer Overflow Vulnerability

Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome...

8.8CVSS9.3AI score0.49013EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
added 2023/04/21 12:0 a.m.206 views

Google Chrome Skia Integer Overflow Vulnerability

Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other...

9.6CVSS8.5AI score0.05786EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2023/09/25 12:0 a.m.202 views

Apple Multiple Products WebKit Code Execution Vulnerability

Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely ...

8.8CVSS9.4AI score0.29179EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/03 12:0 a.m.191 views

Microsoft Windows Privilege Escalation Vulnerability

smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges...

7.8CVSS5.1AI score0.05188EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/28 12:0 a.m.185 views

Google Chromium V8 Inappropriate Implementation Vulnerability

Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

8.8CVSS6.8AI score0.17227EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/25 12:0 a.m.182 views

VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability

VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution...

8.1CVSS3.5AI score0.86431EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
added 2022/01/28 12:0 a.m.182 views

GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code...

10CVSS9.5AI score0.99999EPSS
Exploits132
CISA KEV Catalog
CISA KEV Catalog
added 2023/04/19 12:0 a.m.174 views

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload...

9CVSS8.6AI score0.21424EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/25 12:0 a.m.174 views

PHP-CGI Query String Parameter Vulnerability

sapi/cgi/cgimain.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code...

9.8CVSS6.3AI score0.99998EPSS
Exploits42
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/10 12:0 a.m.167 views

Microsoft Windows Installer Improper Privilege Management Vulnerability

Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges...

7.8CVSS8.2AI score0.06008EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2023/11/14 12:0 a.m.167 views

Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability

Microsoft Windows Desktop Window Manager DWM Core Library contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.3AI score0.11977EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/19 12:0 a.m.165 views

Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability

Ivanti Cloud Services Appliance CSA contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary...

9.4CVSS8.4AI score0.98557EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/27 12:0 a.m.163 views

Apache OFBiz Incorrect Authorization Vulnerability

Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker...

9.8CVSS7.8AI score0.99427EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/10 12:0 a.m.162 views

Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability

Microsoft Windows Mark of the Web MOTW contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW...

5.4CVSS6.7AI score0.09756EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/15 12:0 a.m.158 views

SolarWinds Web Help Desk Hardcoded Credential Vulnerability

SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data...

9.1CVSS7AI score0.93299EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/15 12:0 a.m.153 views

Mozilla Firefox Use-After-Free Vulnerability

Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process...

9.8CVSS7.5AI score0.32568EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/10 12:0 a.m.152 views

Microsoft Publisher Protection Mechanism Failure Vulnerability

Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files...

7.3CVSS7.1AI score0.02667EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2023/10/16 12:0 a.m.142 views

Cisco IOS XE Web UI Privilege Escalation Vulnerability

Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device...

10CVSS7.6AI score0.99571EPSS
Exploits27
CISA KEV Catalog
CISA KEV Catalog
added 2025/05/19 12:0 a.m.141 views

Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

Ivanti Endpoint Manager Mobile EPMM contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source...

8.8CVSS7.9AI score0.84796EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
added 2026/03/13 12:0 a.m.139 views

Google Skia Out-of-Bounds Write Vulnerability

Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products...

8.8CVSS6.2AI score0.01629EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2023/08/24 12:0 a.m.138 views

RARLAB WinRAR Code Execution Vulnerability

RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive...

7.8CVSS7.3AI score0.97798EPSS
Exploits49
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.138 views

WordPress File Manager Plugin Remote Code Execution Vulnerability

WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site...

10CVSS9.8AI score0.97328EPSS
Exploits14
CISA KEV Catalog
CISA KEV Catalog
added 2023/10/26 12:0 a.m.137 views

Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

Roundcube Webmail contains a persistent cross-site scripting XSS vulnerability that allows a remote attacker to run malicious JavaScript code...

6.1CVSS5.1AI score0.75873EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/10 12:0 a.m.135 views

Microsoft Windows Update Use-After-Free Vulnerability

Microsoft Windows Update contains a use-after-free vulnerability that allows for remote code execution...

9.7AI score
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/07/29 12:0 a.m.135 views

ServiceNow Improper Input Validation Vulnerability

ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely...

9.8CVSS9.6AI score0.99976EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
added 2023/10/05 12:0 a.m.133 views

Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability

Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation...

7.8CVSS6.6AI score0.00943EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2023/06/02 12:0 a.m.132 views

Progress MOVEit Transfer SQL Injection Vulnerability

Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an attacker may be able to infer informati...

9.8CVSS8.1AI score0.99934EPSS
Exploits15
CISA KEV Catalog
CISA KEV Catalog
added 2023/04/10 12:0 a.m.131 views

Apple Multiple Products WebKit Use-After-Free Vulnerability

Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rel...

8.8CVSS8.9AI score0.27076EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/24 12:0 a.m.130 views

Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability

Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account...

9.8CVSS7.2AI score0.99987EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
added 2024/07/29 12:0 a.m.129 views

Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability

Acronis Cyber Infrastructure ACI allows an unauthenticated user to execute commands remotely due to the use of default passwords...

9.8CVSS7.6AI score0.53255EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/03 12:0 a.m.127 views

Microsoft Windows Kernel Exception Handler Vulnerability

The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges...

7.8CVSS4AI score0.29253EPSS
Exploits13
CISA KEV Catalog
CISA KEV Catalog
added 2023/06/22 12:0 a.m.126 views

Roundcube Webmail SQL Injection Vulnerability

Roundcube Webmail is vulnerable to SQL injection via search or searchparams...

9.8CVSS8.1AI score0.42751EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2022/06/08 12:0 a.m.126 views

Adobe Acrobat and Reader Buffer Overflow Vulnerability

Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods...

9.3CVSS7.2AI score0.94222EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
added 2024/07/29 12:0 a.m.125 views

ServiceNow Incomplete List of Disallowed Inputs Vulnerability

ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely...

9.8CVSS7.5AI score0.99628EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.123 views

Apache Struts Deserialization of Untrusted Data Vulnerability

Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads...

8.1CVSS8.5AI score0.99461EPSS
Exploits23
CISA KEV Catalog
CISA KEV Catalog
added 2023/06/07 12:0 a.m.122 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...

8.8CVSS8.8AI score0.32724EPSS
Exploits2
Total number of security vulnerabilities1649