Lucene search
+L
Cisa KevRecent

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
added 2024/10/23 12:0 a.m.44 views

Fortinet FortiManager Missing Authentication Vulnerability

Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests...

9.8CVSS8.3AI score0.94761EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/22 12:0 a.m.37 views

Microsoft SharePoint Deserialization Vulnerability

Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution...

7.2CVSS8.1AI score0.47826EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/21 12:0 a.m.38 views

ScienceLogic SL1 Unspecified Vulnerability

ScienceLogic SL1 formerly EM7 is affected by an unspecified vulnerability involving an unspecified third-party component...

9.8CVSS7AI score0.03852EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/17 12:0 a.m.36 views

Veeam Backup and Replication Deserialization Vulnerability

Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution...

9.8CVSS8AI score0.90208EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/15 12:0 a.m.109 views

Microsoft Windows Kernel TOCTOU Race Condition Vulnerability

Microsoft Windows Kernel contains a time-of-check to time-of-use TOCTOU race condition vulnerability that could allow for privilege escalation...

7CVSS6.7AI score0.68202EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/15 12:0 a.m.158 views

SolarWinds Web Help Desk Hardcoded Credential Vulnerability

SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data...

9.1CVSS7AI score0.93299EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/15 12:0 a.m.154 views

Mozilla Firefox Use-After-Free Vulnerability

Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process...

9.8CVSS7.5AI score0.23184EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/09 12:0 a.m.48 views

Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability

Ivanti Cloud Services Appliance CSA contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS...

7.2CVSS7.5AI score0.62785EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/09 12:0 a.m.58 views

Fortinet Multiple Products Format String Vulnerability

Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests...

9.8CVSS8.1AI score0.61725EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/09 12:0 a.m.42 views

Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability

Ivanti Cloud Services Appliance CSA contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements...

7.2CVSS7.7AI score0.43364EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/08 12:0 a.m.82 views

Qualcomm Multiple Chipsets Use-After-Free Vulnerability

Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory...

7.8CVSS7.3AI score0.00674EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/08 12:0 a.m.72 views

Microsoft Windows MSHTML Platform Spoofing Vulnerability

Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability which can lead to a loss of confidentiality...

8.1CVSS6.8AI score0.43679EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/08 12:0 a.m.82 views

Microsoft Windows Management Console Remote Code Execution Vulnerability

Microsoft Windows Management Console contains unspecified vulnerability that allows for remote code execution...

7.8CVSS7.8AI score0.66571EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/03 12:0 a.m.589 views

Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains an unspecified vulnerability in the postjournal service that may allow an unauthenticated user to execute commands...

10CVSS9.5AI score0.99877EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
added 2024/10/02 12:0 a.m.39 views

Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability

Ivanti Endpoint Manager EPM contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code...

9.6CVSS8.3AI score0.99951EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/30 12:0 a.m.51 views

Motion Spell GPAC Null Pointer Dereference Vulnerability

Motion Spell GPAC contains a null pointer dereference vulnerability that could allow a local attacker to cause a denial-of-service DoS condition...

6.5AI score
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/30 12:0 a.m.89 views

SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability

SAP Commerce Cloud formerly known as Hybris contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection...

9.8CVSS7.5AI score0.07079EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/30 12:0 a.m.38 views

DrayTek Multiple Vigor Routers OS Command Injection Vulnerability

DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used...

9.8CVSS8.4AI score0.84203EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/30 12:0 a.m.313 views

D-Link DIR-820 Router OS Command Injection Vulnerability

D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the pingaddr parameter to ping.ccp...

9.8CVSS7.7AI score0.98053EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/24 12:0 a.m.130 views

Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability

Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account...

9.8CVSS7.2AI score0.99987EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/19 12:0 a.m.187 views

Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability

Ivanti Cloud Services Appliance CSA contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary...

9.4CVSS8.4AI score0.98557EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/18 12:0 a.m.45 views

Oracle ADF Faces Deserialization of Untrusted Data Vulnerability

Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution...

9.8CVSS9.7AI score0.62478EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/18 12:0 a.m.43 views

Oracle WebLogic Server Remote Code Execution Vulnerability

Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution...

9.8CVSS7.5AI score0.94465EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/18 12:0 a.m.108 views

Apache HugeGraph-Server Improper Access Control Vulnerability

Apache HugeGraph-Server contains an improper access control vulnerability that could allow a remote attacker to execute arbitrary code...

9.8CVSS7.6AI score0.9921EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/18 12:0 a.m.34 views

Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability

Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in the context of the Report Server service account...

9.8CVSS7.4AI score0.99022EPSS
Exploits14
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/17 12:0 a.m.51 views

Adobe Flash Player Incorrect Default Permissions Vulnerability

Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content...

9.3CVSS7.8AI score0.10533EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/17 12:0 a.m.29 views

Adobe Flash Player Double Free Vulnerablity

Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code...

10CVSS7.6AI score0.24204EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/17 12:0 a.m.126 views

Adobe Flash Player Code Execution Vulnerability

Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content...

9.3CVSS7.8AI score0.11094EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/17 12:0 a.m.53 views

Adobe Flash Player Integer Underflow Vulnerablity

Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code...

10CVSS7.7AI score0.99883EPSS
Exploits7
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/16 12:0 a.m.29 views

Progress WhatsUp Gold SQL Injection Vulnerability

Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user...

9.8CVSS8.4AI score0.94661EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/16 12:0 a.m.34 views

Microsoft Windows MSHTML Platform Spoofing Vulnerability

Microsoft Windows MSHTML Platform contains a user interface UI misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112...

8.8CVSS6.7AI score0.84345EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/13 12:0 a.m.35 views

Ivanti Cloud Services Appliance OS Command Injection Vulnerability

Ivanti Cloud Services Appliance CSA contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS...

7.2CVSS7.5AI score0.88955EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/10 12:0 a.m.136 views

Microsoft Windows Update Use-After-Free Vulnerability

Microsoft Windows Update contains a use-after-free vulnerability that allows for remote code execution...

9.7AI score
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/10 12:0 a.m.166 views

Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability

Microsoft Windows Mark of the Web MOTW contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW...

5.4CVSS6.7AI score0.09756EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/10 12:0 a.m.152 views

Microsoft Publisher Protection Mechanism Failure Vulnerability

Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files...

7.3CVSS7.1AI score0.02667EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/10 12:0 a.m.170 views

Microsoft Windows Installer Improper Privilege Management Vulnerability

Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges...

7.8CVSS8.2AI score0.06008EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/09 12:0 a.m.29 views

SonicWall SonicOS Improper Access Control Vulnerability

SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash...

9.8CVSS7AI score0.15593EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/09 12:0 a.m.120 views

Linux Kernel PIE Stack Buffer Corruption Vulnerability

Linux kernel contains a position-independent executable PIE stack buffer corruption vulnerability in loadelf binary that allows a local attacker to escalate privileges...

7.8CVSS7AI score0.10695EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/09 12:0 a.m.56 views

ImageMagick Improper Input Validation Vulnerability

ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image...

10CVSS7.8AI score0.97485EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/03 12:0 a.m.27 views

Draytek VigorConnect Path Traversal Vulnerability

Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8CVSS6.9AI score0.74279EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/03 12:0 a.m.249 views

Kingsoft WPS Office Path Traversal Vulnerability

Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library...

9.3CVSS6.9AI score0.01773EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/03 12:0 a.m.38 views

Draytek VigorConnect Path Traversal Vulnerability

Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...

7.8CVSS6.9AI score0.69248EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/28 12:0 a.m.186 views

Google Chromium V8 Inappropriate Implementation Vulnerability

Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...

8.8CVSS6.8AI score0.17227EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/27 12:0 a.m.163 views

Apache OFBiz Incorrect Authorization Vulnerability

Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker...

9.8CVSS7.8AI score0.99427EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/26 12:0 a.m.117 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...

9.6CVSS6.8AI score0.19272EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/23 12:0 a.m.360 views

Versa Director Dangerous File Type Upload Vulnerability

The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” Favorite Icon enables the upload of a...

7.2CVSS6.9AI score0.04006EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/21 12:0 a.m.373 views

Dahua IP Camera Authentication Bypass Vulnerability

Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication...

10CVSS7.1AI score0.99871EPSS
Exploits12
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/21 12:0 a.m.339 views

Dahua IP Camera Authentication Bypass Vulnerability

Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication...

10CVSS7.1AI score0.99556EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/21 12:0 a.m.44 views

Microsoft Exchange Server Information Disclosure Vulnerability

Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution...

7.2CVSS7.4AI score0.4638EPSS
Exploits3
CISA KEV Catalog
CISA KEV Catalog
added 2024/08/21 12:0 a.m.56 views

Linux Kernel Heap-Based Buffer Overflow Vulnerability

Linux kernel contains a heap-based buffer overflow vulnerability in the legacyparseparam function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges...

8.4CVSS8.4AI score0.25151EPSS
Exploits11
Total number of security vulnerabilities1652