Lucene search
K
Cisa KevMost viewed

1647 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2022/12/14 12:0 a.m.•60 views

Apple iOS Type Confusion Vulnerability

Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution...

8.8CVSS2.8AI score0.08523EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•60 views

Adobe Flash Player Use-After-Free Vulnerability

Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code...

9.3CVSS7.1AI score0.25198EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•60 views

Hikvision Improper Input Validation

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation...

9.8CVSS2.9AI score0.99869EPSS
Exploits23
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•60 views

Primetek Primefaces Remote Code Execution Vulnerability

Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution...

9.8CVSS4.4AI score0.94104EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•60 views

Microsoft Office OLE DLL Side Loading Vulnerability

Microsoft Office Object Linking & Embedding OLE dynamic link library DLL contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution...

9.3CVSS7.7AI score0.43431EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/27 12:0 a.m.•59 views

Google Chromium Mojo Sandbox Escape Vulnerability

Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google...

8.3CVSS8.2AI score0.08404EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2023/12/04 12:0 a.m.•59 views

Apple Multiple Products WebKit Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which...

8.8CVSS8.9AI score0.0937EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/11/12 12:0 a.m.•58 views

Atlassian Jira Server and Data Center Path Traversal Vulnerability

Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read particular files in the /WEB-INF/web.xml endpoint...

5.3CVSS6.7AI score0.99999EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2024/10/09 12:0 a.m.•58 views

Fortinet Multiple Products Format String Vulnerability

Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests...

9.8CVSS8.1AI score0.61725EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2024/08/13 12:0 a.m.•58 views

Microsoft Project Remote Code Execution Vulnerability

Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file...

8.8CVSS7.7AI score0.07871EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/08/13 12:0 a.m.•58 views

Microsoft Windows Scripting Engine Memory Corruption Vulnerability

Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL...

7.5CVSS7.6AI score0.39196EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/06/22 12:0 a.m.•58 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7AI score0.13841EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/09/30 12:0 a.m.•58 views

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution...

8.8CVSS9AI score0.9997EPSS
Exploits16
CISA KEV Catalog
CISA KEV Catalog
•added 2022/09/30 12:0 a.m.•58 views

Atlassian Bitbucket Server and Data Center Command Injection Vulnerability

Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request...

8.8CVSS2.1AI score0.99077EPSS
Exploits24
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/09 12:0 a.m.•58 views

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application...

7.8CVSS3.7AI score0.6798EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/24 12:0 a.m.•58 views

Microsoft XML Core Services Information Disclosure Vulnerability

Microsoft XML Core Services MSXML improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site...

6.5CVSS4AI score0.18069EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•58 views

Oracle BI Publisher Unauthorized Access Vulnerability

Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass...

7.2CVSS7.1AI score0.92183EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/15 12:0 a.m.•58 views

Microsoft Windows Transaction Manager Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory...

7.8CVSS3AI score0.57482EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•58 views

Microsoft Excel Featheader Record Memory Corruption Vulnerability

Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset...

9.3CVSS8AI score0.85731EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2025/04/01 12:0 a.m.•57 views

Apache Tomcat Path Equivalence Vulnerability

Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request...

10CVSS7.3AI score0.99945EPSS
Exploits47
CISA KEV Catalog
CISA KEV Catalog
•added 2024/08/13 12:0 a.m.•57 views

Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability

Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges...

7.8CVSS7AI score0.27561EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2024/06/26 12:0 a.m.•57 views

Linux Kernel Use-After-Free Vulnerability

Linux Kernel contains a use-after-free vulnerability in the nftobject, allowing local attackers to escalate privileges...

7.8CVSS7.3AI score0.12746EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2024/04/12 12:0 a.m.•57 views

Palo Alto Networks PAN-OS Command Injection Vulnerability

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall...

10CVSS8.3AI score0.99999EPSS
Exploits43
CISA KEV Catalog
CISA KEV Catalog
•added 2024/01/31 12:0 a.m.•57 views

Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability

Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure, Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery SSRF vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication...

8.2CVSS7.1AI score0.99999EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2024/01/17 12:0 a.m.•57 views

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server...

8.2CVSS7.8AI score0.57633EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/08/22 12:0 a.m.•57 views

Ivanti Sentry Authentication Bypass Vulnerability

Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration...

9.8CVSS9.1AI score0.99949EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2023/04/07 12:0 a.m.•57 views

Arm Mali GPU Kernel Driver Information Disclosure Vulnerability

Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata...

3.3CVSS4.4AI score0.01429EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/09/08 12:0 a.m.•57 views

D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability

The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information...

6.8CVSS4.3AI score0.03128EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/08/18 12:0 a.m.•57 views

Google Chromium Intents Insufficient Input Validation Vulnerability

Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google...

6.5CVSS7.1AI score0.04493EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•57 views

Microsoft Office Memory Corruption Vulnerability

Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0802...

9.3CVSS8.8AI score0.95121EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•57 views

Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability

Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey, perform cross-site-scripting XSS attacks, compromise the ASP.NET ViewState,...

9.8CVSS8.7AI score0.75098EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2024/11/07 12:0 a.m.•56 views

CyberPanel Incorrect Default Permissions Vulnerability

CyberPanel contains an incorrect default permissions vulnerability that allows a remote, unauthenticated attacker to execute commands as root...

10CVSS7.7AI score0.86725EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2024/09/09 12:0 a.m.•56 views

ImageMagick Improper Input Validation Vulnerability

ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image...

10CVSS7.8AI score0.97485EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2024/08/05 12:0 a.m.•56 views

Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability

Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script...

8.8CVSS8.5AI score0.73469EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2023/05/12 12:0 a.m.•56 views

Jenkins User Interface (UI) Information Disclosure Vulnerability

Jenkins User Interface UI contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages...

7.5CVSS8.3AI score0.22429EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/12/13 12:0 a.m.•56 views

Microsoft Defender SmartScreen Security Feature Bypass Vulnerability

Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web MOTW defenses via a specially crafted malicious file...

5.4CVSS3AI score0.76106EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/12/13 12:0 a.m.•56 views

Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability

Citrix Application Delivery Controller ADC and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator...

9.8CVSS9.4AI score0.06931EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/09/08 12:0 a.m.•56 views

D-Link Multiple Routers OS Command Injection Vulnerability

Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands...

10CVSS9.1AI score0.96682EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•56 views

Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability

The Authenticode Signature Verification function in Microsoft Windows WinVerifyTrust does not properly validate the digest of a signed portable executable PE file, which allows user-assisted remote attackers to execute code...

9.3CVSS6.6AI score0.8878EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•56 views

Cisco Secure Access Control System Java Deserialization Vulnerability

A vulnerability in Java deserialization used by Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software...

10CVSS5.2AI score0.18554EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•56 views

Microsoft Forefront TMG Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Forefront Threat Management Gateway TMG Firewall Client Winsock provider that could allow code execution in the security context of the client application...

10CVSS3.4AI score0.48368EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/21 12:0 a.m.•56 views

Apache Struts 2 Improper Input Validation Vulnerability

The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution...

9.8CVSS9AI score0.75071EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•56 views

Arcadyan Buffalo Firmware Path Traversal Vulnerability

Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors...

9.8CVSS8.4AI score0.99983EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•56 views

Microsoft Office Memory Corruption Vulnerability

Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0798...

9.3CVSS8.1AI score0.95121EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/04 12:0 a.m.•55 views

VMware ESXi Arbitrary Write Vulnerability

VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox...

8.2CVSS8.7AI score0.00963EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/08/13 12:0 a.m.•55 views

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file...

6.5CVSS6.7AI score0.1337EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/04/04 12:0 a.m.•55 views

Android Pixel Privilege Escalation Vulnerability

Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app...

7.8CVSS7.2AI score0.0068EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/02/15 12:0 a.m.•55 views

Cisco ASA and FTD Information Disclosure Vulnerability

Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software...

7.5CVSS7AI score0.71789EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/02/13 12:0 a.m.•55 views

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both...

7.6CVSS7.5AI score0.30344EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/12/04 12:0 a.m.•55 views

Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability

Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple...

6.5CVSS7.1AI score0.17823EPSS
Exploits0
Total number of security vulnerabilities1647