Lucene search
+L
Cisa KevMost viewed

1652 matches found

cisa_kev
cisa_kev
•added 2024/08/13 12:0 a.m.•57 views

Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability

Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges...

7.8CVSS7AI score0.27561EPSS
Exploits4
cisa_kev
cisa_kev
•added 2024/06/26 12:0 a.m.•57 views

Linux Kernel Use-After-Free Vulnerability

Linux Kernel contains a use-after-free vulnerability in the nftobject, allowing local attackers to escalate privileges...

7.8CVSS7.3AI score0.12746EPSS
Exploits7
cisa_kev
cisa_kev
•added 2024/04/12 12:0 a.m.•57 views

Palo Alto Networks PAN-OS Command Injection Vulnerability

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall...

10CVSS8.3AI score0.99999EPSS
Exploits43
cisa_kev
cisa_kev
•added 2024/01/31 12:0 a.m.•57 views

Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability

Ivanti Connect Secure ICS, formerly known as Pulse Connect Secure, Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery SSRF vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication...

8.2CVSS7.1AI score0.99999EPSS
Exploits5
cisa_kev
cisa_kev
•added 2022/12/13 12:0 a.m.•57 views

Microsoft Defender SmartScreen Security Feature Bypass Vulnerability

Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web MOTW defenses via a specially crafted malicious file...

5.4CVSS3AI score0.76106EPSS
Exploits0
cisa_kev
cisa_kev
•added 2022/09/08 12:0 a.m.•57 views

D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability

The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information...

6.8CVSS4.3AI score0.03128EPSS
Exploits0
cisa_kev
cisa_kev
•added 2022/08/18 12:0 a.m.•57 views

Google Chromium Intents Insufficient Input Validation Vulnerability

Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google...

6.5CVSS7.1AI score0.04493EPSS
Exploits1
cisa_kev
cisa_kev
•added 2022/06/09 12:0 a.m.•57 views

SAP NetWeaver Information Disclosure Vulnerability

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request...

5.3CVSS4AI score0.51553EPSS
Exploits10
cisa_kev
cisa_kev
•added 2022/05/25 12:0 a.m.•57 views

Red Hat JBoss Authentication Bypass Vulnerability

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method...

5.3CVSS4.8AI score0.79415EPSS
Exploits28
cisa_kev
cisa_kev
•added 2022/01/21 12:0 a.m.•57 views

Apache Struts 2 Improper Input Validation Vulnerability

The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution...

9.8CVSS9AI score0.75071EPSS
Exploits11
cisa_kev
cisa_kev
•added 2021/11/03 12:0 a.m.•57 views

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution...

7.6CVSS7.8AI score0.29822EPSS
Exploits0
cisa_kev
cisa_kev
•added 2024/09/09 12:0 a.m.•56 views

ImageMagick Improper Input Validation Vulnerability

ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image...

10CVSS7.8AI score0.97485EPSS
Exploits11
cisa_kev
cisa_kev
•added 2023/02/21 12:0 a.m.•56 views

IBM Aspera Faspex Code Execution Vulnerability

IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw...

9.8CVSS5.8AI score0.99968EPSS
Exploits5
cisa_kev
cisa_kev
•added 2022/12/13 12:0 a.m.•56 views

Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability

Citrix Application Delivery Controller ADC and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator...

9.8CVSS9.4AI score0.06931EPSS
Exploits1
cisa_kev
cisa_kev
•added 2022/06/08 12:0 a.m.•56 views

Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability

The Authenticode Signature Verification function in Microsoft Windows WinVerifyTrust does not properly validate the digest of a signed portable executable PE file, which allows user-assisted remote attackers to execute code...

9.3CVSS6.6AI score0.8878EPSS
Exploits1
cisa_kev
cisa_kev
•added 2022/03/25 12:0 a.m.•56 views

Cisco Secure Access Control System Java Deserialization Vulnerability

A vulnerability in Java deserialization used by Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software...

10CVSS5.2AI score0.18326EPSS
Exploits0
cisa_kev
cisa_kev
•added 2022/03/25 12:0 a.m.•56 views

Citrix Multiple Products Remote Code Execution Vulnerability

A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability al...

10CVSS3.6AI score0.72596EPSS
Exploits4
cisa_kev
cisa_kev
•added 2022/03/03 12:0 a.m.•56 views

Microsoft Forefront TMG Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Forefront Threat Management Gateway TMG Firewall Client Winsock provider that could allow code execution in the security context of the client application...

10CVSS3.4AI score0.48368EPSS
Exploits1
cisa_kev
cisa_kev
•added 2021/11/03 12:0 a.m.•56 views

Arcadyan Buffalo Firmware Path Traversal Vulnerability

Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors...

9.8CVSS8.4AI score0.99983EPSS
Exploits5
cisa_kev
cisa_kev
•added 2025/09/29 12:0 a.m.•55 views

Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability

Cisco IOS and IOS XE contains a stack-based buffer overflow vulnerability in the Simple Network Management Protocol SNMP subsystem that could allow for denial of service or remote code execution. A successful exploit could allow a low-privileged attacker to cause the affected system to reload,...

7.7CVSS9.7AI score0.37613EPSS
Exploits1
cisa_kev
cisa_kev
•added 2025/03/04 12:0 a.m.•55 views

VMware ESXi Arbitrary Write Vulnerability

VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox...

8.2CVSS8.7AI score0.00963EPSS
Exploits0
cisa_kev
cisa_kev
•added 2024/08/21 12:0 a.m.•55 views

Linux Kernel Heap-Based Buffer Overflow Vulnerability

Linux kernel contains a heap-based buffer overflow vulnerability in the legacyparseparam function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges...

8.4CVSS8.4AI score0.25151EPSS
Exploits11
cisa_kev
cisa_kev
•added 2024/08/13 12:0 a.m.•55 views

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file...

6.5CVSS6.7AI score0.1337EPSS
Exploits1
cisa_kev
cisa_kev
•added 2024/04/04 12:0 a.m.•55 views

Android Pixel Privilege Escalation Vulnerability

Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app...

7.8CVSS7.2AI score0.0068EPSS
Exploits0
cisa_kev
cisa_kev
•added 2024/02/15 12:0 a.m.•55 views

Cisco ASA and FTD Information Disclosure Vulnerability

Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software...

7.5CVSS7AI score0.71789EPSS
Exploits0
cisa_kev
cisa_kev
•added 2024/02/13 12:0 a.m.•55 views

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both...

7.6CVSS7.5AI score0.30344EPSS
Exploits0
cisa_kev
cisa_kev
•added 2023/12/04 12:0 a.m.•55 views

Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability

Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple...

6.5CVSS7.1AI score0.17823EPSS
Exploits0
cisa_kev
cisa_kev
•added 2023/02/14 12:0 a.m.•55 views

Apple Multiple Products WebKit Type Confusion Vulnerability

Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely...

8.8CVSS8.7AI score0.09426EPSS
Exploits0
cisa_kev
cisa_kev
•added 2022/08/11 12:0 a.m.•55 views

Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated remote code execution...

9.8CVSS8.8AI score0.98586EPSS
Exploits16
cisa_kev
cisa_kev
•added 2022/05/04 12:0 a.m.•55 views

Microsoft Internet Explorer Use-After-Free Vulnerability

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code...

9.3CVSS7.6AI score0.85239EPSS
Exploits23
cisa_kev
cisa_kev
•added 2022/03/15 12:0 a.m.•55 views

Microsoft Task Scheduler Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations...

7.8CVSS7.6AI score0.06117EPSS
Exploits1
cisa_kev
cisa_kev
•added 2022/02/15 12:0 a.m.•55 views

PHPUnit Command Injection Vulnerability

PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI...

9.8CVSS6.7AI score0.99999EPSS
Exploits19
cisa_kev
cisa_kev
•added 2021/11/03 12:0 a.m.•55 views

SolarWinds Orion Authentication Bypass Vulnerability

SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands...

9.8CVSS9.3AI score0.9198EPSS
Exploits3
cisa_kev
cisa_kev
•added 2021/11/03 12:0 a.m.•55 views

SolarWinds Virtualization Manager Privilege Escalation Vulnerability

SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo...

7.8CVSS7.6AI score0.03704EPSS
Exploits5
cisa_kev
cisa_kev
•added 2025/04/08 12:0 a.m.•54 views

Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability

Gladinet CentreStack and Triofox contains a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing fo...

9.8CVSS9.6AI score0.93842EPSS
Exploits6
cisa_kev
cisa_kev
•added 2025/02/21 12:0 a.m.•54 views

Microsoft Power Pages Improper Access Control Vulnerability

Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control...

9.8CVSS8.1AI score0.01659EPSS
Exploits0
cisa_kev
cisa_kev
•added 2024/08/13 12:0 a.m.•54 views

Microsoft Windows Kernel Privilege Escalation Vulnerability

Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition...

7CVSS6.9AI score0.06337EPSS
Exploits0
cisa_kev
cisa_kev
•added 2024/01/23 12:0 a.m.•54 views

Apple Multiple Products WebKit Type Confusion Vulnerability

Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products whi...

8.8CVSS8.7AI score0.10593EPSS
Exploits6
cisa_kev
cisa_kev
•added 2024/01/08 12:0 a.m.•54 views

Apache Superset Insecure Default Initialization of Resource Vulnerability

Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRETKEY according to installation instructions...

9.8CVSS7.1AI score0.97405EPSS
Exploits20
cisa_kev
cisa_kev
•added 2023/07/11 12:0 a.m.•54 views

Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability

Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt...

8.8CVSS6.7AI score0.04401EPSS
Exploits0
cisa_kev
cisa_kev
•added 2023/06/22 12:0 a.m.•54 views

Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability

Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows...

7.5CVSS7AI score0.87598EPSS
Exploits13
cisa_kev
cisa_kev
•added 2023/05/31 12:0 a.m.•54 views

Zyxel Multiple Firewalls OS Command Injection Vulnerability

Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device...

9.8CVSS7.5AI score0.99284EPSS
Exploits8
cisa_kev
cisa_kev
•added 2022/05/24 12:0 a.m.•54 views

Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability

A buffer overflow vulnerability in the Simple Network Management Protocol SNMP code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute code...

8.8CVSS5.2AI score0.87565EPSS
Exploits7
cisa_kev
cisa_kev
•added 2022/03/03 12:0 a.m.•54 views

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload...

9CVSS4.1AI score0.1055EPSS
Exploits0
cisa_kev
cisa_kev
•added 2021/11/03 12:0 a.m.•54 views

Apache HTTP Server Path Traversal Vulnerability

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default require all denied or if CGI scripts are enabled. This CVE ID resolves an incomplete patch for...

9.8CVSS9.4AI score0.99992EPSS
Exploits176
cisa_kev
cisa_kev
•added 2021/11/03 12:0 a.m.•54 views

Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability

Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service DoS condition, or perform code execution on the affected device...

10CVSS9.2AI score0.9951EPSS
Exploits2
cisa_kev
cisa_kev
•added 4 days ago•53 views

Cisco IOS Cross-Site Request Forgery Vulnerability

Cisco IOS 12.4 contains multiple cross-site forgery vulnerabilities that allows remote attackers to execute arbitrary commands via 1 a certain "show privilege" command to the /level/15/exec/- URI, and 2 a certain "alias exec" command to the /level/15/exec/-/configure/http URI...

9.3CVSS6.3AI score0.23857EPSS
Exploits1
cisa_kev
cisa_kev
•added 2025/03/19 12:0 a.m.•53 views

Edimax IC-7100 IP Camera OS Command Injection Vulnerability

Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue...

9.8CVSS8.2AI score0.7227EPSS
Exploits2
cisa_kev
cisa_kev
•added 2024/01/08 12:0 a.m.•53 views

D-Link DSL-2750B Devices Command Injection Vulnerability

D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter...

9.8CVSS8AI score0.6043EPSS
Exploits1
cisa_kev
cisa_kev
•added 2023/06/13 12:0 a.m.•53 views

Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability

Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests...

9.8CVSS7.9AI score0.85689EPSS
Exploits10
Total number of security vulnerabilities1652