Lucene search
K
Cisa KevMost viewed

1649 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2024/01/17 12:0 a.m.•71 views

Google Chromium V8 Out-of-Bounds Memory Access Vulnerability

Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

8.8CVSS8.6AI score0.03769EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2023/09/21 12:0 a.m.•71 views

Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability

Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct remote code execution. An attacker must first obtain administrative console access on the target...

7.2CVSS7.5AI score0.04739EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/07/11 12:0 a.m.•70 views

Microsoft Outlook Security Feature Bypass Vulnerability

Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt...

8.8CVSS6.7AI score0.15522EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/10/28 12:0 a.m.•70 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...

8.8CVSS8.8AI score0.0675EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/13 12:0 a.m.•69 views

Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability

Juniper Junos OS contains an improper isolation or compartmentalization vulnerability. This vulnerability could allows a local attacker with high privileges to inject arbitrary code...

6.7CVSS4.7AI score0.01657EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/07/27 12:0 a.m.•69 views

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data...

6.1CVSS6.2AI score0.60034EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/14 12:0 a.m.•69 views

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web MOTW defenses via a specially crafted malicious file...

4.4CVSS6.6AI score0.78152EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/10/11 12:0 a.m.•69 views

Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability

Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS4AI score0.01763EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/18 12:0 a.m.•69 views

Apple iOS and macOS Out-of-Bounds Write Vulnerability

Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges...

7.8CVSS5.3AI score0.03259EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•69 views

DotNetNuke (DNN) Remote Code Execution Vulnerability

DotNetNuke DNN contains a vulnerability that may allow for remote code execution via cookie deserialization...

8.8CVSS8.9AI score0.94789EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2026/05/20 12:0 a.m.•68 views

Microsoft Internet Explorer Use-After-Free Vulnerability

Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product...

9.3CVSS7.7AI score0.91885EPSS
Exploits16
CISA KEV Catalog
CISA KEV Catalog
•added 2023/04/10 12:0 a.m.•68 views

Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability

Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges...

8.6CVSS8.4AI score0.24513EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/11/08 12:0 a.m.•68 views

Microsoft Windows Scripting Languages Remote Code Execution Vulnerability

Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution...

8.8CVSS2.5AI score0.24623EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/09/14 12:0 a.m.•68 views

Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability

Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges...

7.8CVSS4.2AI score0.05557EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/25 12:0 a.m.•68 views

Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability

In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions...

7.5CVSS7.3AI score0.03673EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/24 12:0 a.m.•68 views

Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk...

6.5CVSS1.9AI score0.3279EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•68 views

Microsoft Office Memory Corruption Vulnerability

Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0802...

9.3CVSS8.8AI score0.95121EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•68 views

Oracle Fusion Middleware Unspecified Vulnerability

Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems...

9.1CVSS6.2AI score0.98695EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2023/11/30 12:0 a.m.•67 views

ownCloud graphapi Information Disclosure Vulnerability

ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo via GetPhpInfo.php, including administrative credentials...

10CVSS6.6AI score0.78428EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/31 12:0 a.m.•67 views

Dasan GPON Routers Command Injection Vulnerability

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution...

9.8CVSS6.3AI score0.99948EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2024/01/18 12:0 a.m.•66 views

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile EPMM and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application...

10CVSS7.4AI score0.99999EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2023/10/10 12:0 a.m.•66 views

Microsoft Skype for Business Privilege Escalation Vulnerability

Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation...

5.3CVSS7AI score0.90353EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/12/13 12:0 a.m.•66 views

Veeam Backup & Replication Remote Code Execution Vulnerability

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...

10CVSS7.2AI score0.04279EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/11/08 12:0 a.m.•66 views

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability

Microsoft Windows Mark of the Web MOTW contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features...

5.4CVSS2.2AI score0.01986EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•66 views

Microsoft Windows CSRSS Security Feature Bypass Vulnerability

The Client-Server Run-time Subsystem CSRSS in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application...

7.8CVSS6AI score0.63195EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•66 views

Microsoft Windows Media Center Remote Code Execution Vulnerability

Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link .mcl file that references malicious code...

9.3CVSS8AI score0.6994EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2024/12/10 12:0 a.m.•65 views

Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

Microsoft Windows Common Log File System CLFS driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges...

7.8CVSS7.1AI score0.25414EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2023/09/12 12:0 a.m.•65 views

Microsoft Word Information Disclosure Vulnerability

Microsoft Word contains an unspecified vulnerability that allows for information disclosure...

6.5CVSS6.5AI score0.18959EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/25 12:0 a.m.•65 views

Linux Kernel Privilege Escalation Vulnerability

Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."...

7.8CVSS3.5AI score0.89063EPSS
Exploits100
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•65 views

HP OpenView Network Node Manager Remote Code Execution Vulnerability

HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system...

9.8CVSS5.1AI score0.7409EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/04 12:0 a.m.•64 views

VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process...

7.1CVSS7.5AI score0.01676EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/10/10 12:0 a.m.•64 views

Microsoft WordPad Information Disclosure Vulnerability

Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure...

6.5CVSS6.5AI score0.20719EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•64 views

Microsoft Silverlight Runtime Remote Code Execution Vulnerability

Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service DoS...

9.3CVSS8.8AI score0.69709EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•64 views

Microsoft Office Use-After-Free Vulnerability

Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution...

9.3CVSS3.8AI score0.7813EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•64 views

Microsoft Office Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands...

7.8CVSS2.9AI score0.58204EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/04 12:0 a.m.•63 views

VMware ESXi and Workstation TOCTOU Race Condition Vulnerability

VMware ESXi and Workstation contain a time-of-check time-of-use TOCTOU race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process...

9.3CVSS9.2AI score0.01524EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/04 12:0 a.m.•63 views

Paessler PRTG Network Monitor OS Command Injection Vulnerability

Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console...

9CVSS7.7AI score0.87173EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2022/11/28 12:0 a.m.•63 views

Google Chromium GPU Heap Buffer Overflow Vulnerability

Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but n...

9.6CVSS9.5AI score0.31864EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/24 12:0 a.m.•63 views

Microsoft XML Core Services Information Disclosure Vulnerability

Microsoft XML Core Services MSXML improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site...

6.5CVSS4AI score0.18069EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2023/11/30 12:0 a.m.•62 views

Google Skia Integer Overflow Vulnerability

Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other produc...

9.6CVSS9.4AI score0.1963EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/05/19 12:0 a.m.•62 views

Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability

Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 IKEv1 security negotiation requests. contains an information disclosure vulnerability in the Internet Key Exchange version 1 IKEv1 that could allow an attacker ...

7.5CVSS6.2AI score0.87313EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/15 12:0 a.m.•62 views

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution...

9.8CVSS9.4AI score0.97339EPSS
Exploits13
CISA KEV Catalog
CISA KEV Catalog
•added 2022/09/23 12:0 a.m.•62 views

Sophos Firewall Code Injection Vulnerability

A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution...

9.8CVSS3.1AI score0.98905EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•62 views

Microsoft Windows Privilege Escalation Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call ALPC...

7.8CVSS2.6AI score0.18386EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•62 views

Microsoft Excel Featheader Record Memory Corruption Vulnerability

Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset...

9.3CVSS8AI score0.85731EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2025/10/06 12:0 a.m.•61 views

Microsoft Windows Remote Code Execution Vulnerability

Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page...

9.3CVSS7.8AI score0.78285EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/07/22 12:0 a.m.•61 views

Google Chromium ANGLE and GPU Improper Input Validation Vulnerability

Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not...

8.8CVSS7.4AI score0.09185EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/11 12:0 a.m.•61 views

Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability

Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code locally...

7.8CVSS8.2AI score0.03705EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/02/13 12:0 a.m.•61 views

Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability

Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass...

8.1CVSS7.2AI score0.95443EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2023/06/23 12:0 a.m.•61 views

Apple Multiple Products WebKit Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which...

8.8CVSS8.9AI score0.22951EPSS
Exploits1
Total number of security vulnerabilities1649