Lucene search
K
Cisa KevMost viewed

1643 matches found

CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.50 views

SolarWinds Virtualization Manager Privilege Escalation Vulnerability

SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo...

7.8CVSS7.6AI score0.03704EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.50 views

Microsoft Windows Server Buffer Overflow Vulnerability

Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services IIS 6.0 which allows remote attackers to execute code via a long header beginning with "If: http://" in a PROPFIND request...

10CVSS9.3AI score0.99823EPSS
Exploits39
CISA KEV Catalog
CISA KEV Catalog
added 2025/07/28 12:0 a.m.49 views

Cisco Identity Services Engine Injection Vulnerability

Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an...

10CVSS7.3AI score0.96732EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
added 2025/03/11 12:0 a.m.49 views

Microsoft Windows NTFS Information Disclosure Vulnerability

Microsoft Windows New Technology File System NTFS contains an insertion of sensitive Information into log file vulnerability that allows an unauthorized attacker to disclose information with a physical attack. An attacker who successfully exploited this vulnerability could potentially read portio...

4.6CVSS5.7AI score0.01831EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2025/02/04 12:0 a.m.49 views

Paessler PRTG Network Monitor OS Command Injection Vulnerability

Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console...

9CVSS7.7AI score0.87173EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
added 2024/01/08 12:0 a.m.49 views

Joomla! Improper Access Control Vulnerability

Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints...

5.3CVSS7.1AI score0.99827EPSS
Exploits43
CISA KEV Catalog
CISA KEV Catalog
added 2023/10/31 12:0 a.m.49 views

F5 BIG-IP Configuration Utility SQL Injection Vulnerability

F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747...

9.8CVSS8.3AI score0.96515EPSS
Exploits18
CISA KEV Catalog
CISA KEV Catalog
added 2023/09/11 12:0 a.m.49 views

Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability

Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061...

7.8CVSS7.5AI score0.15263EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2023/05/12 12:0 a.m.49 views

Red Hat Polkit Incorrect Authorization Vulnerability

Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation...

7.8CVSS7.7AI score0.22193EPSS
Exploits37
CISA KEV Catalog
CISA KEV Catalog
added 2022/11/08 12:0 a.m.49 views

Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability

Microsoft Windows Cryptographic Next Generation CNG Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges...

7.8CVSS8AI score0.03021EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/05/25 12:0 a.m.49 views

Microsoft Windows Open Type Font Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system...

9.3CVSS4.4AI score0.64835EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.49 views

SAP NetWeaver Directory Traversal Vulnerability

SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ dot dot backslash in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files...

7.5CVSS7.1AI score0.46605EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2024/03/26 12:0 a.m.48 views

Microsoft SharePoint Server Code Injection Vulnerability

Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely...

7.2CVSS7.3AI score0.85395EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
added 2024/01/02 12:0 a.m.48 views

Google Chromium WebRTC Heap Buffer Overflow Vulnerability

Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC...

8.8CVSS9.1AI score0.07356EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2023/11/07 12:0 a.m.48 views

Atlassian Confluence Data Center and Server Improper Authorization Vulnerability

Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data...

10CVSS7.3AI score0.99999EPSS
Exploits14
CISA KEV Catalog
CISA KEV Catalog
added 2023/09/13 12:0 a.m.48 views

Android Framework Privilege Escalation Vulnerability

Android Framework contains an unspecified vulnerability that allows for privilege escalation...

8.8CVSS7.1AI score0.02203EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2023/06/05 12:0 a.m.48 views

Zyxel Multiple Firewalls Buffer Overflow Vulnerability

Zyxel ATP, USG FLEX, USG FLEX 50W, USG20W-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service DoS conditions and remote code execution on an affected device...

9.8CVSS8.4AI score0.28813EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/09/14 12:0 a.m.48 views

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability

Microsoft Windows Common Log File System CLFS driver contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.9AI score0.28483EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2022/08/11 12:0 a.m.48 views

Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution...

9.8CVSS8.6AI score0.98586EPSS
Exploits16
CISA KEV Catalog
CISA KEV Catalog
added 2022/08/09 12:0 a.m.48 views

RARLAB UnRAR Directory Traversal Vulnerability

RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract unpack operation...

7.5CVSS5.7AI score0.98975EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
added 2022/06/09 12:0 a.m.48 views

SAP NetWeaver Information Disclosure Vulnerability

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request...

5.3CVSS4AI score0.51553EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
added 2022/06/02 12:0 a.m.48 views

Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability

Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution...

9.8CVSS5.6AI score0.99999EPSS
Exploits76
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/28 12:0 a.m.48 views

Microsoft Edge Memory Corruption Vulnerability

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service memory corruption via a crafted web site...

8.8CVSS6.2AI score0.8249EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/25 12:0 a.m.48 views

Citrix Multiple Products Remote Code Execution Vulnerability

A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability al...

10CVSS3.6AI score0.72596EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/03 12:0 a.m.48 views

Microsoft Office Memory Corruption Vulnerability

Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution...

9.3CVSS4AI score0.57705EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/01/10 12:0 a.m.48 views

Primetek Primefaces Remote Code Execution Vulnerability

Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution...

9.8CVSS4.4AI score0.94104EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
added 2025/05/07 12:0 a.m.47 views

GeoVision Devices OS Command Injection Vulnerability

Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

9.8CVSS9.9AI score0.10072EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/09 12:0 a.m.47 views

Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability

Ivanti Cloud Services Appliance CSA contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS...

7.2CVSS7.5AI score0.62988EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/03/25 12:0 a.m.47 views

Fortinet FortiClient EMS SQL Injection Vulnerability

Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests...

9.8CVSS8.7AI score0.97591EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
added 2023/01/10 12:0 a.m.47 views

Microsoft Exchange Server Privilege Escalation Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution...

9.8CVSS4.1AI score0.9997EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
added 2022/10/20 12:0 a.m.47 views

Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability

Synacor Zimbra Collaboration Suite ZCS allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other user accounts...

9.8CVSS9.7AI score0.95478EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
added 2022/09/15 12:0 a.m.47 views

Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability

Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution...

7.2CVSS3.7AI score0.03054EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/06/14 12:0 a.m.47 views

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application...

9.3CVSS8.2AI score0.99374EPSS
Exploits62
CISA KEV Catalog
CISA KEV Catalog
added 2022/05/24 12:0 a.m.47 views

Microsoft Windows Search Remote Code Execution Vulnerability

Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory...

10CVSS3.9AI score0.7376EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2022/04/13 12:0 a.m.47 views

Microsoft Internet Explorer Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service DoS...

9.3CVSS6.9AI score0.51127EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/31 12:0 a.m.47 views

Dasan GPON Routers Command Injection Vulnerability

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution...

9.8CVSS6.3AI score0.99948EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/28 12:0 a.m.47 views

Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control UAC feature...

7.8CVSS5.6AI score0.08661EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/25 12:0 a.m.47 views

Kentico Xperience Deserialization of Untrusted Data Vulnerability

Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution...

9.8CVSS5.4AI score0.96031EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/03 12:0 a.m.47 views

Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability

An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor CP that allows a privileged attacker to remotely cause a denial of service...

7.5CVSS5.9AI score0.03624EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.47 views

Apache HTTP Server Path Traversal Vulnerability

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default �require all denied� or if CGI scripts are enabled. The original patch issued under this CVE I...

9.8CVSS9.3AI score0.99992EPSS
Exploits175
CISA KEV Catalog
CISA KEV Catalog
added 2025/09/25 12:0 a.m.46 views

Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability

Cisco Secure Firewall Adaptive Security ASA Appliance and Secure Firewall Threat Defense FTD Software VPN Web Server contain a buffer overflow vulnerability that allows for remote code execution. This vulnerability could be chained with CVE-2025-20362...

9.9CVSS8.3AI score0.85543EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2025/04/08 12:0 a.m.46 views

Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability

Microsoft Windows Common Log File System CLFS Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally...

7.8CVSS7.1AI score0.13475EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
added 2025/03/11 12:0 a.m.46 views

Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability

Microsoft Windows New Technology File System NTFS contains a heap-based buffer overflow vulnerability that allows an unauthorized attacker to execute code locally...

7.8CVSS8.2AI score0.02092EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/11/18 12:0 a.m.46 views

Progress Kemp LoadMaster OS Command Injection Vulnerability

Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution...

10CVSS7.6AI score0.95388EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
added 2024/07/09 12:0 a.m.46 views

Microsoft Windows Hyper-V Privilege Escalation Vulnerability

Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges...

7.8CVSS7AI score0.07058EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/05/29 12:0 a.m.46 views

Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability

Justice AV Solutions JAVS Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4. When run, this creates a backdoor connection to a malicious C2 server...

8.7CVSS7.1AI score0.26937EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/01/08 12:0 a.m.46 views

D-Link DSL-2750B Devices Command Injection Vulnerability

D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter...

9.8CVSS8AI score0.6043EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2023/09/14 12:0 a.m.46 views

Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability

Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution...

7.8CVSS7.4AI score0.07036EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2023/02/10 12:0 a.m.46 views

TerraMaster OS Remote Command Execution Vulnerability

TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint...

9.8CVSS3.9AI score0.8405EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
added 2023/02/02 12:0 a.m.46 views

Oracle E-Business Suite Unspecified Vulnerability

Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator...

9.8CVSS3.2AI score0.98342EPSS
Exploits7
Total number of security vulnerabilities1643