Lucene search
K
Cisa KevMost viewed

1647 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/14 12:0 a.m.•47 views

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application...

9.3CVSS8.2AI score0.99374EPSS
Exploits62
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•47 views

Kentico Xperience Deserialization of Untrusted Data Vulnerability

Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution...

9.8CVSS5.4AI score0.96031EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•47 views

TP-Link Multiple Archer Devices Directory Traversal Vulnerability

Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. dot dot in the PATHINFO to login/...

7.8CVSS6.5AI score0.83772EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•47 views

Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability

An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor CP that allows a privileged attacker to remotely cause a denial of service...

7.5CVSS5.9AI score0.03624EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•47 views

Apache HTTP Server Path Traversal Vulnerability

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default �require all denied� or if CGI scripts are enabled. The original patch issued under this CVE I...

9.8CVSS9.3AI score0.99992EPSS
Exploits176
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•47 views

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution...

7.6CVSS7.8AI score0.29822EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/07/09 12:0 a.m.•46 views

Microsoft Windows Hyper-V Privilege Escalation Vulnerability

Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges...

7.8CVSS7AI score0.07058EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/05/29 12:0 a.m.•46 views

Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability

Justice AV Solutions JAVS Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4. When run, this creates a backdoor connection to a malicious C2 server...

8.7CVSS7.1AI score0.26937EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/03/25 12:0 a.m.•46 views

Nice Linear eMerge E3-Series OS Command Injection Vulnerability

Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution...

10CVSS8.4AI score0.97136EPSS
Exploits16
CISA KEV Catalog
CISA KEV Catalog
•added 2023/09/14 12:0 a.m.•46 views

Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability

Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution...

7.8CVSS7.4AI score0.07036EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/02/10 12:0 a.m.•46 views

TerraMaster OS Remote Command Execution Vulnerability

TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint...

9.8CVSS3.9AI score0.8405EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2023/02/02 12:0 a.m.•46 views

Oracle E-Business Suite Unspecified Vulnerability

Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator...

9.8CVSS3.2AI score0.98342EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2022/12/13 12:0 a.m.•46 views

Veeam Backup & Replication Remote Code Execution Vulnerability

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...

8.8CVSS7.2AI score0.05942EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/11 12:0 a.m.•46 views

Linux Kernel Privilege Escalation Vulnerability

Linux Kernel contains a flaw in the packet socket AFPACKET implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service DoS or possibly for privilege escalation...

7.2CVSS7.1AI score0.05918EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/07 12:0 a.m.•46 views

NETGEAR Multiple Routers Remote Code Execution Vulnerability

NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution...

9.3CVSS5.3AI score0.99781EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•46 views

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code...

9CVSS4.3AI score0.1055EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•46 views

Apple Multiple Products Type Confusion Vulnerability

Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges...

9.3CVSS7.5AI score0.10337EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•46 views

Roundcube Webmail File Disclosure Vulnerability

Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default...

7.8CVSS7.1AI score0.36919EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•46 views

SAP NetWeaver XML External Entity (XXE) Vulnerability

SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity XXE attacks...

6.5CVSS6.2AI score0.23805EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•46 views

vBulletin PHP Module Remote Code Execution Vulnerability

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. This CVE ID resolves an incomplete patch for CVE-2019-16759...

9.8CVSS9.5AI score0.99728EPSS
Exploits28
CISA KEV Catalog
CISA KEV Catalog
•added 2025/07/28 12:0 a.m.•45 views

PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability

PaperCut NG/MF contains a cross-site request forgery CSRF vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code...

8.8CVSS8.9AI score0.29246EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/09/18 12:0 a.m.•45 views

Oracle ADF Faces Deserialization of Untrusted Data Vulnerability

Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution...

9.8CVSS9.7AI score0.62478EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2023/01/23 12:0 a.m.•45 views

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability

Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario...

9.8CVSS2.6AI score0.99753EPSS
Exploits15
CISA KEV Catalog
CISA KEV Catalog
•added 2022/09/08 12:0 a.m.•45 views

QNAP Photo Station Externally Controlled Reference Vulnerability

Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign...

10CVSS2.9AI score0.87908EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•45 views

Cisco IOS and IOS XE Remote Code Execution Vulnerability

A vulnerability in the Cisco Cluster Management Protocol CMP processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges...

10CVSS4.7AI score0.98975EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•45 views

Apache Tomcat Remote Code Execution Vulnerability

When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...

8.1CVSS3.7AI score0.99988EPSS
Exploits23
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•45 views

NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability

The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution...

10CVSS5AI score0.8345EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/10 12:0 a.m.•45 views

Microsoft HTTP.sys Remote Code Execution Vulnerability

Microsoft HTTP protocol stack HTTP.sys contains a vulnerability that allows for remote code execution...

10CVSS7AI score0.99999EPSS
Exploits16
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/11 12:0 a.m.•44 views

Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability

Microsoft Windows New Technology File System NTFS contains an out-of-bounds read vulnerability that allows an authorized attacker to disclose information locally...

5.5CVSS6.4AI score0.01852EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/08/21 12:0 a.m.•44 views

Microsoft Exchange Server Information Disclosure Vulnerability

Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution...

7.2CVSS7.4AI score0.4638EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2024/07/15 12:0 a.m.•44 views

OSGeo GeoServer GeoTools Eval Injection Vulnerability

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input...

9.8CVSS8.2AI score0.99813EPSS
Exploits25
CISA KEV Catalog
CISA KEV Catalog
•added 2024/04/04 12:0 a.m.•44 views

Android Pixel Information Disclosure Vulnerability

Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices...

5.5CVSS6.7AI score0.00482EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/02/29 12:0 a.m.•44 views

Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability

Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges...

8.4CVSS7.2AI score0.22133EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2023/11/13 12:0 a.m.•44 views

Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability

Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment variable. Using a crafted request, which sets the variable PHPRC, an attacker is able to modify the P...

9.8CVSS7.6AI score0.93546EPSS
Exploits25
CISA KEV Catalog
CISA KEV Catalog
•added 2023/10/04 12:0 a.m.•44 views

Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability

Microsoft Windows Cryptographic Next Generation CNG Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges...

7CVSS7.1AI score0.01872EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/09/12 12:0 a.m.•44 views

Microsoft Streaming Service Proxy Privilege Escalation Vulnerability

Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7AI score0.261EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2023/05/19 12:0 a.m.•44 views

Cisco IOS Denial-of-Service Vulnerability

Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell RSH, Secure Shell SSH, and in some cases, Hypertext Transport Protocol HTTP access to the Cisco device...

5.9CVSS7AI score0.05133EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/30 12:0 a.m.•44 views

Arm Mali GPU Kernel Driver Use-After-Free Vulnerability

Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information...

8.8CVSS8.8AI score0.12588EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2023/02/02 12:0 a.m.•44 views

Multiple SugarCRM Products Remote Code Execution Vulnerability

Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates...

8.8CVSS8.9AI score0.80274EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/10/24 12:0 a.m.•44 views

GIGABYTE Multiple Products Unspecified Vulnerability

The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system...

7.8CVSS3.3AI score0.03597EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•44 views

Adobe Flash Player Integer Overflow Vulnerability

Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments...

9.3CVSS7.1AI score0.21194EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/04 12:0 a.m.•44 views

Apple macOS Out-of-Bounds Read Vulnerability

macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory...

5.5CVSS3.2AI score0.01132EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/31 12:0 a.m.•44 views

Sophos Firewall Authentication Bypass Vulnerability

An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution...

9.8CVSS3.7AI score0.99796EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•44 views

Jenkins Matrix Project Plugin Remote Code Execution Vulnerability

Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution...

9.9CVSS5.2AI score0.75594EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•44 views

Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability

The Kerberos Key Distribution Center KDC in Microsoft allows remote authenticated domain users to obtain domain administrator privileges...

9CVSS5.9AI score0.87448EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/15 12:0 a.m.•44 views

Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context...

7.8CVSS2.9AI score0.414EPSS
Exploits19
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•44 views

Cisco IOS Software Denial-of-Service Vulnerability

A vulnerability in the Login Enhancements Login Block feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service DoS condition...

7.1CVSS4.5AI score0.05032EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/28 12:0 a.m.•44 views

Grandstream Networks UCM6200 Series SQL Injection Vulnerability

Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root...

10CVSS3AI score0.83926EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/13 12:0 a.m.•43 views

Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability

Microsoft Windows Common Log File System CLFS Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally...

7.8CVSS6.9AI score0.01291EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/11 12:0 a.m.•43 views

Microsoft Windows Storage Link Following Vulnerability

Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable...

7.1CVSS6.7AI score0.02258EPSS
Exploits0
Total number of security vulnerabilities1647