1634 matches found

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 16 views

Oracle Multiple Products Remote Code Execution Vulnerability

Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to take over the affected system. Impacted Oracle products: Oracle Coherence in Fusion Middleware, Oracle Utilities Framework, Oracle Retail Assortment...

CVSS 9.8 | AI score 9.4 | EPSS 0.97116
Exploits: 26

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 43 views

Oracle WebLogic Server Unspecified Vulnerability

Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentiality, integrity, and availability...

CVSS 9 | AI score 7.9 | EPSS 0.97929
Exploits: 8

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 21 views

Ivanti Pulse Connect Secure Use-After-Free Vulnerability

Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allows a remote, unauthenticated attacker to execute code via license services...

CVSS 10 | AI score 9.3 | EPSS 0.49223
Exploits: 9

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 19 views

Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability

Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU address allocation failure...

CVSS 6.2 | AI score 6 | EPSS 0.0052
Exploits: 0

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 22 views

Qualcomm Multiple Chipsets Use-After-Free Vulnerability

Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously...

CVSS 8.4 | AI score 7.8 | EPSS 0.0115
Exploits: 0

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 10 views

SaltStack Salt Shell Injection Vulnerability

SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API...

CVSS 9.8 | AI score 9.1 | EPSS 0.99585
Exploits: 5

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 28 views

SAP NetWeaver Missing Authentication for Critical Function Vulnerability

SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users...

CVSS 10 | AI score 9.4 | EPSS 0.94719
Exploits: 6

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 26 views

SAP Solution Manager Missing Authentication for Critical Function Vulnerability

SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager...

CVSS 10 | AI score 9 | EPSS 0.98376
Exploits: 7

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 30 views

SolarWinds Orion Authentication Bypass Vulnerability

SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands...

CVSS 9.8 | AI score 9.3 | EPSS 0.9198
Exploits: 3

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 16 views

SolarWinds Serv-U Remote Code Execution Vulnerability

SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution...

CVSS 10 | AI score 9.6 | EPSS 0.9116
Exploits: 2

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 15 views

SolarWinds Virtualization Manager Privilege Escalation Vulnerability

SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo...

CVSS 7.8 | AI score 7.6 | EPSS 0.03704
Exploits: 5

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 33 views

Sonatype Nexus Repository Remote Code Execution Vulnerability

Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution...

CVSS 9 | AI score 9 | EPSS 0.99064
Exploits: 10

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 11 views

Sumavision EMR Cross-Site Request Forgery (CSRF) Vulnerability

Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on a device...

CVSS 9.8 | AI score 8.9 | EPSS 0.14209
Exploits: 5

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 267 views

Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability

Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request...

CVSS 10 | AI score 9.6 | EPSS 0.08672
Exploits: 1

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 13 views

Trend Micro Multiple Products Content Validation Escape Vulnerability

Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components...

CVSS 8.8 | AI score 8.3 | EPSS 0.05754
Exploits: 0

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 10 views

Unraid Authentication Bypass Vulnerability

Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution...

CVSS 10 | AI score 9.5 | EPSS 0.95844
Exploits: 8

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 20 views

VMware Multiple Products Privilege Escalation Vulnerability

VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root...

CVSS 7.8 | AI score 7.7 | EPSS 0.07254
Exploits: 10

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 30 views

Multiple VMware Products Command Injection Vulnerability

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute...

CVSS 9.1 | AI score 8.8 | EPSS 0.23771
Exploits: 0

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 76 views

WordPress File Manager Plugin Remote Code Execution Vulnerability

WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site...

CVSS 10 | AI score 9.8 | EPSS 0.97328
Exploits: 14

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 25 views

Accellion FTA OS Command Injection Vulnerability

Accellion FTA contains an OS command injection vulnerability exploited via a local web service call...

CVSS 7.8 | AI score 8.8 | EPSS 0.03654
Exploits: 0

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 18 views

Accellion FTA SQL Injection Vulnerability

Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to documentroot.html...

CVSS 9.8 | AI score 9.5 | EPSS 0.05998
Exploits: 0

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 30 views

Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability

Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user...

CVSS 8.8 | AI score 9 | EPSS 0.8621
Exploits: 2

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 33 views

Android Kernel Use-After-Free Vulnerability

Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."...

CVSS 7.8 | AI score 7.2 | EPSS 0.72105
Exploits: 26

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 27 views

Apache Struts Deserialization of Untrusted Data Vulnerability

Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads...

CVSS 8.1 | AI score 8.5 | EPSS 0.99461
Exploits: 23

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 31 views

Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability

Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and...

CVSS 7.8 | AI score 7.3 | EPSS 0.01299
Exploits: 2

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 34 views

Apache HTTP Server Privilege Escalation Vulnerability

In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute code with the privileges of the parent process (usually root) by manipulating the scoreboard...

CVSS 7.8 | AI score 7.8 | EPSS 0.65005
Exploits: 8

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 26 views

Apache Shiro Code Execution Vulnerability

Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature...

CVSS 9.8 | AI score 8.3 | EPSS 0.93143
Exploits: 9

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 25 views

Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability

The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution...

CVSS 7.5 | AI score 8.2 | EPSS 0.98567
Exploits: 12

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 24 views

Apple Multiple Products Memory Initialization Vulnerability

Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory...

CVSS 7.1 | AI score 6.1 | EPSS 0.1652
Exploits: 2

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 21 views

Apple Multiple Products WebKit Storage Use-After-Free Vulnerability

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and...

CVSS 8.8 | AI score 9 | EPSS 0.04258
Exploits: 0

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 16 views

Apple iOS WebKit Buffer Overflow Vulnerability

Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML...

CVSS 8.8 | AI score 9 | EPSS 0.02849
Exploits: 0

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 23 views

Apple macOS Unspecified Vulnerability

Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences...

CVSS 7.8 | AI score 7.3 | EPSS 0.0658
Exploits: 0

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 25 views

Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability

Arm Mali Graphics Processing Unit (GPU) kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, and/or disclose information...

CVSS 9 | AI score 8.3 | EPSS 0.12084
Exploits: 2

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 24 views

Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability

Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds...

CVSS 9.8 | AI score 9.4 | EPSS 0.95355
Exploits: 6

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 20 views

Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability

Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure...

CVSS 7.5 | AI score 7.1 | EPSS 0.99903
Exploits: 18

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 23 views

D-Link DNS-320 Device Command Injection Vulnerability

D-Link DNS-320 device contains a command injection vulnerability in the sytemmgr.cgi component that may allow for remote code execution...

CVSS 9.8 | AI score 9.9 | EPSS 0.99968
Exploits: 2

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 26 views

DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability

DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811...

CVSS 7.5 | AI score 7.4 | EPSS 0.74048
Exploits: 5

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 21 views

Drupal Core Remote Code Execution Vulnerability

Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise...

CVSS 9.8 | AI score 9.4 | EPSS 0.99993
Exploits: 46

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 21 views

Exim Buffer Overflow Vulnerability

Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution...

CVSS 9.8 | AI score 9.7 | EPSS 0.82238
Exploits: 19

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 25 views

F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability

F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages...

CVSS 10 | AI score 9.4 | EPSS 0.99999
Exploits: 59

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 21 views

Fortinet FortiOS Default Configuration Vulnerability

Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server...

CVSS 6.5 | AI score 7.7 | EPSS 0.18566
Exploits: 1

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 19 views

Google Chrome Use-After-Free Vulnerability

Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page...

CVSS 9.6 | AI score 8.8 | EPSS 0.02747
Exploits: 0

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 16 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and...

CVSS 8.8 | AI score 9 | EPSS 0.57736
Exploits: 1

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 15 views

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...

CVSS 8.8 | AI score 8.8 | EPSS 0.08928
Exploits: 0

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 26 views

Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability

Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution...

CVSS 9.8 | AI score 9.5 | EPSS 0.99737
Exploits: 4

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 39 views

Microsoft Windows Installer Privilege Escalation Vulnerability

Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files...

CVSS 7.8 | AI score 7.6 | EPSS 0.07667
Exploits: 5

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 21 views

Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability

Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation...

CVSS 7.8 | AI score 8 | EPSS 0.02954
Exploits: 0

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 30 views

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server improperly validates cmdlet arguments, which allows an attacker to perform remote code execution...

CVSS 8.8 | AI score 8.4 | EPSS 0.36514
Exploits: 4

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 17 views

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability

Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation...

CVSS 7.8 | AI score 7.6 | EPSS 0.01792
Exploits: 0

CISA KEV Catalog
• added 2021/11/03 12:00 a.m. • 22 views

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability

Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation...

CVSS 7.8 | AI score 7.5 | EPSS 0.01896
Exploits: 0

Total number of security vulnerabilities: 1634