Lucene search
+L
Cisa KevRecent

1652 matches found

CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/25 12:0 a.m.•24 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS4.1AI score0.01968EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/25 12:0 a.m.•33 views

Microsoft Windows User Profile Service Privilege Escalation Vulnerability

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation...

7CVSS3.8AI score0.0295EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/25 12:0 a.m.•85 views

WSO2 Multiple Products Unrestrictive Upload of File Vulnerability

Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution...

10CVSS3.5AI score0.99999EPSS
Exploits22
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/25 12:0 a.m.•19 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS4.1AI score0.01968EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/19 12:0 a.m.•24 views

Microsoft Windows Print Spooler Privilege Escalation Vulnerability

Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation...

7.8CVSS3.5AI score0.18464EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/19 12:0 a.m.•34 views

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML...

6.1CVSS6.1AI score0.23717EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/19 12:0 a.m.•42 views

WhatsApp VOIP Stack Buffer Overflow Vulnerability

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number...

9.8CVSS4.8AI score0.39166EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/15 12:0 a.m.•46 views

Ubiquiti AirOS Command Injection Vulnerability

Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi...

9.8CVSS3.8AI score0.34641EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/15 12:0 a.m.•37 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...

8.8CVSS8.8AI score0.1372EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/15 12:0 a.m.•29 views

VMware Multiple Products Privilege Escalation Vulnerability

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts...

7.8CVSS3.4AI score0.37171EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/15 12:0 a.m.•34 views

Schneider Electric U.motion Builder SQL Injection Vulnerability

A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered...

9.8CVSS4.5AI score0.72486EPSS
Exploits6
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/15 12:0 a.m.•42 views

Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability

The WAP interface in Trihedral VTScada formerly VTS allows remote attackers to cause a denial-of-service DoS...

7.5CVSS7.5AI score0.31392EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/15 12:0 a.m.•19 views

D-Link DNS-320 Remote Code Execution Vulnerability

The loginmgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution...

10CVSS2.2AI score0.8721EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/15 12:0 a.m.•36 views

InduSoft Web Studio NTWebServer Directory Traversal Vulnerability

InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution...

9.8CVSS7AI score0.74548EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/15 12:0 a.m.•149 views

Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands...

10CVSS7.7AI score0.97759EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/15 12:0 a.m.•54 views

Crestron Multiple Products Command Injection Vulnerability

Multiple Crestron products are vulnerable to command injection via the filetransfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root...

10CVSS3.1AI score0.98952EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/14 12:0 a.m.•31 views

VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability

VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection...

10CVSS4.7AI score0.99997EPSS
Exploits25
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/13 12:0 a.m.•44 views

Adobe Flash Player Use-After-Free Vulnerability

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS3 implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service DoS...

10CVSS7AI score0.93688EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/13 12:0 a.m.•30 views

Kaseya VSA Remote Code Execution Vulnerability

Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices...

9.8CVSS7.4AI score0.29336EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/13 12:0 a.m.•60 views

Microsoft Internet Explorer Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service DoS...

9.3CVSS6.9AI score0.51127EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/13 12:0 a.m.•21 views

Adobe Flash Player Stack-Based Buffer Overflow Vulnerability

Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely...

10CVSS7.2AI score0.20356EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/13 12:0 a.m.•28 views

Microsoft Windows CLFS Driver Privilege Escalation Vulnerability

Microsoft Windows Common Log File System CLFS Driver contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS4AI score0.07304EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/13 12:0 a.m.•24 views

Adobe Flash Player Remote Code Execution Vulnerability

Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code...

10CVSS6.7AI score0.8582EPSS
Exploits5
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/13 12:0 a.m.•21 views

Adobe Flash Player Use-After-Free Vulnerability

Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code...

10CVSS7.6AI score0.95683EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/13 12:0 a.m.•40 views

Drupal Core Remote Code Execution Vulnerability

A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site...

9.8CVSS6.3AI score0.99236EPSS
Exploits14
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/13 12:0 a.m.•23 views

Adobe Flash Player Use-After-Free Vulnerability

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 AS3 implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service DoS...

10CVSS6.9AI score0.18493EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/13 12:0 a.m.•18 views

Adobe Flash Player Heap-Based Buffer Overflow Vulnerability

Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code...

10CVSS7.1AI score0.9994EPSS
Exploits4
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/11 12:0 a.m.•22 views

WatchGuard Firebox and XTM Privilege Escalation Vulnerability

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access...

9CVSS5.2AI score0.12793EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/11 12:0 a.m.•37 views

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation...

7.5CVSS8.3AI score0.70207EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/11 12:0 a.m.•37 views

Checkbox Survey Deserialization of Untrusted Data Vulnerability

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code...

9.8CVSS5.6AI score0.31946EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/11 12:0 a.m.•46 views

Linux Kernel Privilege Escalation Vulnerability

Linux Kernel contains a flaw in the packet socket AFPACKET implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service DoS or possibly for privilege escalation...

7.2CVSS7.1AI score0.05918EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/11 12:0 a.m.•28 views

Google Pixel Out-of-Bounds Write Vulnerability

Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege...

7.8CVSS3.1AI score0.00732EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/11 12:0 a.m.•39 views

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation...

8.8CVSS8.3AI score0.74265EPSS
Exploits10
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/11 12:0 a.m.•26 views

QNAP Network-Attached Storage (NAS) Command Injection Vulnerability

QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution...

9.8CVSS6AI score0.328EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/11 12:0 a.m.•92 views

Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code...

9.8CVSS6.7AI score0.83476EPSS
Exploits8
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/06 12:0 a.m.•39 views

Sudo Heap-Based Buffer Overflow Vulnerability

Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation...

7.8CVSS8AI score0.99295EPSS
Exploits81
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/06 12:0 a.m.•26 views

Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability

Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution...

9.8CVSS2.3AI score0.99657EPSS
Exploits24
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/06 12:0 a.m.•25 views

Microsoft SMBv1 Server Remote Code Execution Vulnerability

The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets...

9.3CVSS8.1AI score0.99373EPSS
Exploits17
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/04 12:0 a.m.•18 views

D-Link Multiple Routers Remote Code Execution Vulnerability

A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file...

10CVSS6.6AI score0.97836EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/04 12:0 a.m.•33 views

Apple macOS Out-of-Bounds Write Vulnerability

macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges...

9.3CVSS5.5AI score0.12642EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/04 12:0 a.m.•39 views

Spring Framework JDK 9+ Remote Code Execution Vulnerability

Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE via data binding...

9.8CVSS3.8AI score0.99677EPSS
Exploits103
CISA KEV Catalog
CISA KEV Catalog
•added 2022/04/04 12:0 a.m.•44 views

Apple macOS Out-of-Bounds Read Vulnerability

macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory...

5.5CVSS3.2AI score0.01132EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/31 12:0 a.m.•102 views

Dasan GPON Routers Command Injection Vulnerability

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution...

9.8CVSS6.3AI score0.99948EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/31 12:0 a.m.•47 views

Sophos Firewall Authentication Bypass Vulnerability

An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution...

9.8CVSS3.7AI score0.99796EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/31 12:0 a.m.•20 views

Trend Micro Apex Central Arbitrary File Upload Vulnerability

An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution...

9.8CVSS4.2AI score0.19633EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/31 12:0 a.m.•21 views

QNAP NAS Improper Authorization Vulnerability

QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device...

10CVSS5.2AI score0.7825EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/31 12:0 a.m.•32 views

Dell dbutil Driver Insufficient Access Control Vulnerability

Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service DoS, or information disclosure...

8.8CVSS7.6AI score0.58132EPSS
Exploits17
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/31 12:0 a.m.•29 views

Microsoft Windows User Profile Service Privilege Escalation Vulnerability

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation...

7.8CVSS7.2AI score0.14393EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/31 12:0 a.m.•103 views

Dasan GPON Routers Authentication Bypass Vulnerability

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution...

9.8CVSS6.3AI score0.99948EPSS
Exploits11
CISA KEV Catalog
CISA KEV Catalog
•added 2022/03/28 12:0 a.m.•23 views

Oracle Java SE Sandbox Bypass Vulnerability

The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

10CVSS2.7AI score0.91013EPSS
Exploits18
Total number of security vulnerabilities1652