Lucene search
+L
Cisa KevMost viewed

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2022/02/10 12:0 a.m.•46 views

Microsoft HTTP.sys Remote Code Execution Vulnerability

Microsoft HTTP protocol stack HTTP.sys contains a vulnerability that allows for remote code execution...

10CVSS7AI score0.99999EPSS
Exploits16
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•46 views

Apple Multiple Products Type Confusion Vulnerability

Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges...

9.3CVSS7.5AI score0.10337EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•46 views

Microsoft Office Outlook Security Feature Bypass Vulnerability

Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands...

7.8CVSS7.6AI score0.59893EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•46 views

SAP NetWeaver XML External Entity (XXE) Vulnerability

SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity XXE attacks...

6.5CVSS6.2AI score0.23805EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•46 views

vBulletin PHP Module Remote Code Execution Vulnerability

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. This CVE ID resolves an incomplete patch for CVE-2019-16759...

9.8CVSS9.5AI score0.99728EPSS
Exploits28
CISA KEV Catalog
CISA KEV Catalog
•added 2025/07/28 12:0 a.m.•45 views

PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability

PaperCut NG/MF contains a cross-site request forgery CSRF vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code...

8.8CVSS8.9AI score0.29246EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2025/03/11 12:0 a.m.•45 views

Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability

Microsoft Windows New Technology File System NTFS contains an out-of-bounds read vulnerability that allows an authorized attacker to disclose information locally...

5.5CVSS6.4AI score0.01852EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/02/11 12:0 a.m.•45 views

Microsoft Windows Storage Link Following Vulnerability

Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable...

7.1CVSS6.7AI score0.02258EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/09/18 12:0 a.m.•45 views

Oracle ADF Faces Deserialization of Untrusted Data Vulnerability

Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution...

9.8CVSS9.7AI score0.62478EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/04/04 12:0 a.m.•45 views

Android Pixel Information Disclosure Vulnerability

Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices...

5.5CVSS6.7AI score0.00482EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/01/23 12:0 a.m.•45 views

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability

Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario...

9.8CVSS2.6AI score0.99753EPSS
Exploits15
CISA KEV Catalog
CISA KEV Catalog
•added 2022/09/08 12:0 a.m.•45 views

QNAP Photo Station Externally Controlled Reference Vulnerability

Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign...

10CVSS2.9AI score0.87908EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•45 views

Google Chromium V8 Remote Code Execution Vulnerability

Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and...

8.8CVSS8.8AI score0.84564EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•45 views

Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts...

9.3CVSS7.1AI score0.8669EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•45 views

Apache Tomcat Remote Code Execution Vulnerability

When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...

8.1CVSS3.7AI score0.99988EPSS
Exploits23
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•45 views

Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability

Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service DoS...

7.5CVSS6.5AI score0.05562EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•45 views

NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability

The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution...

10CVSS5AI score0.8345EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•45 views

Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account...

9.8CVSS8.9AI score0.99913EPSS
Exploits29
CISA KEV Catalog
CISA KEV Catalog
•added 2026/02/17 12:0 a.m.•44 views

Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability

Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully...

9.3CVSS6.6AI score0.76733EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2025/05/13 12:0 a.m.•44 views

Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability

Microsoft Windows Common Log File System CLFS Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally...

7.8CVSS6.9AI score0.01291EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2025/01/14 12:0 a.m.•44 views

Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability

Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges...

7.8CVSS6.8AI score0.01363EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/10/23 12:0 a.m.•44 views

Fortinet FortiManager Missing Authentication Vulnerability

Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests...

9.8CVSS8.3AI score0.94761EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2024/08/21 12:0 a.m.•44 views

Microsoft Exchange Server Information Disclosure Vulnerability

Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution...

7.2CVSS7.4AI score0.4638EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2024/07/15 12:0 a.m.•44 views

OSGeo GeoServer GeoTools Eval Injection Vulnerability

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input...

9.8CVSS8.2AI score0.99813EPSS
Exploits25
CISA KEV Catalog
CISA KEV Catalog
•added 2024/02/29 12:0 a.m.•44 views

Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability

Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges...

8.4CVSS7.2AI score0.22133EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2023/11/13 12:0 a.m.•44 views

Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability

Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment variable. Using a crafted request, which sets the variable PHPRC, an attacker is able to modify the P...

9.8CVSS7.6AI score0.93546EPSS
Exploits25
CISA KEV Catalog
CISA KEV Catalog
•added 2023/10/04 12:0 a.m.•44 views

Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability

Microsoft Windows Cryptographic Next Generation CNG Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges...

7CVSS7.1AI score0.01872EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/09/12 12:0 a.m.•44 views

Microsoft Streaming Service Proxy Privilege Escalation Vulnerability

Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7AI score0.261EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/30 12:0 a.m.•44 views

Arm Mali GPU Kernel Driver Use-After-Free Vulnerability

Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information...

8.8CVSS8.8AI score0.12588EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/14 12:0 a.m.•44 views

Fortinet FortiOS Path Traversal Vulnerability

Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands...

7.1CVSS6AI score0.12316EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/02/02 12:0 a.m.•44 views

Multiple SugarCRM Products Remote Code Execution Vulnerability

Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates...

8.8CVSS8.9AI score0.80274EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/06/08 12:0 a.m.•44 views

Adobe Flash Player Integer Overflow Vulnerability

Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments...

9.3CVSS7.1AI score0.21194EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/25 12:0 a.m.•44 views

Microsoft Silverlight Double Dereference Vulnerability

Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application...

9.3CVSS6AI score0.81868EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/24 12:0 a.m.•44 views

QNAP NAS File Station Command Injection Vulnerability

A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands...

9.8CVSS5.4AI score0.24449EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/05/24 12:0 a.m.•44 views

Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability

The Graphics Device Interface GDI in Microsoft Windows allows local users to gain privileges via a crafted application...

7.8CVSS6.7AI score0.11022EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/04 12:0 a.m.•44 views

Apple macOS Out-of-Bounds Read Vulnerability

macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory...

5.5CVSS3.2AI score0.01132EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/31 12:0 a.m.•44 views

Sophos Firewall Authentication Bypass Vulnerability

An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution...

9.8CVSS3.7AI score0.99796EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•44 views

Jenkins Matrix Project Plugin Remote Code Execution Vulnerability

Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution...

9.9CVSS5.2AI score0.75594EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/25 12:0 a.m.•44 views

Microsoft Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer...

7.6CVSS2.7AI score0.61912EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•44 views

Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability

A vulnerability in the UDP processing code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and denial of service...

7.5CVSS7.3AI score0.06042EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/03 12:0 a.m.•44 views

Microsoft Internet Explorer Use-After-Free Vulnerability

A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code...

9.3CVSS4.8AI score0.77462EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2022/01/28 12:0 a.m.•44 views

Grandstream Networks UCM6200 Series SQL Injection Vulnerability

Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root...

10CVSS3AI score0.83926EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2021/12/01 12:0 a.m.•44 views

MikroTik Router OS Directory Traversal Vulnerability

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface...

9.1CVSS5.7AI score0.96087EPSS
Exploits23
CISA KEV Catalog
CISA KEV Catalog
•added 2024/09/18 12:0 a.m.•43 views

Oracle WebLogic Server Remote Code Execution Vulnerability

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution...

9.8CVSS7.5AI score0.94465EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2024/08/07 12:0 a.m.•43 views

Apache OFBiz Path Traversal Vulnerability

Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution...

9.8CVSS8.2AI score0.99426EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
•added 2024/06/26 12:0 a.m.•43 views

Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

Roundcube Webmail contains a cross-site scripting XSS vulnerability that allows a remote attacker to manipulate data via a malicious XML attachment...

6.3CVSS6AI score0.76596EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2024/05/14 12:0 a.m.•43 views

Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability

Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass...

8.8CVSS7.3AI score0.03939EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2024/05/13 12:0 a.m.•43 views

Google Chromium Visuals Use-After-Free Vulnerability

Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

9.6CVSS7.2AI score0.08348EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2023/05/26 12:0 a.m.•43 views

Barracuda Networks ESG Appliance Improper Input Validation Vulnerability

Barracuda Email Security Gateway ESG appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection...

9.8CVSS7.6AI score0.86956EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
•added 2023/03/30 12:0 a.m.•43 views

Linux Kernel Use-After-Free Vulnerability

Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user...

7.9CVSS8AI score0.03702EPSS
Exploits0
Total number of security vulnerabilities1652