Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 31–60 of 171 CVEs · Page 2 of 6 (30 per page)

Columns: Added · CVE · Vendor / Product · Tags · Name & description · CVSS · EPSS

Added Feb 24, 2025 · CVE-2024-20953 · Oracle Agile Product Lifecycle Management (PLM)
Tags: database, enterprise
Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the syste…
EPSS: 67.9%

Added Jan 7, 2025 · CVE-2020-2883 · Oracle WebLogic Server
Tags: database, enterprise
Oracle WebLogic Server Unspecified Vulnerability
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP…
EPSS: 94.4%

Added Nov 21, 2024 · CVE-2024-21287 · Oracle Agile Product Lifecycle Management (PLM)
Tags: database, enterprise
Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability
Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful ex…
EPSS: 69.8%

Added Nov 20, 2024 · CVE-2024-38812 · VMware vCenter Server
Tags: enterprise
VMware vCenter Server Heap-Based Buffer Overflow Vulnerability
VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network acc…
EPSS: 77.9%

Added Nov 20, 2024 · CVE-2024-38813 · VMware vCenter Server
Tags: enterprise
VMware vCenter Server Privilege Escalation Vulnerability
VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate pr…
EPSS: 29.5%

Added Nov 18, 2024 · CVE-2024-1212 · Progress Kemp LoadMaster
Tags: enterprise
Progress Kemp LoadMaster OS Command Injection Vulnerability
Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management inte…
EPSS: 94.3%

Added Nov 12, 2024 · CVE-2021-26086 · Atlassian Jira Server and Data Center
Tags: enterprise, smb, essential
Atlassian Jira Server and Data Center Path Traversal Vulnerability
Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read particular files in the /WEB-INF/web.xml endpoint.
EPSS: 94.2%

Added Oct 17, 2024 · CVE-2024-40711 (Ransomware) · Veeam Backup & Replication
Tags: enterprise
Veeam Backup and Replication Deserialization Vulnerability
Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.
EPSS: 70.5%

Added Oct 15, 2024 · CVE-2024-28987 · SolarWinds Web Help Desk
Tags: enterprise
SolarWinds Web Help Desk Hardcoded Credential Vulnerability
SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data.
EPSS: 94.3%

Added Sep 30, 2024 · CVE-2019-0344 · SAP Commerce Cloud
Tags: enterprise
SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability
SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code …
EPSS: 40.2%

Added Sep 18, 2024 · CVE-2020-14644 · Oracle WebLogic Server
Tags: database, enterprise
Oracle WebLogic Server Remote Code Execution Vulnerability
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can ex…
EPSS: 93.6%

Added Sep 18, 2024 · CVE-2022-21445 · Oracle ADF Faces
Tags: database, enterprise
Oracle ADF Faces Deserialization of Untrusted Data Vulnerability
Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution.
EPSS: 92.0%

Added Sep 16, 2024 · CVE-2024-6670 (Ransomware) · Progress WhatsUp Gold
Tags: enterprise
Progress WhatsUp Gold SQL Injection Vulnerability
Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured wit…
EPSS: 94.5%

Added Aug 15, 2024 · CVE-2024-28986 · SolarWinds Web Help Desk
Tags: enterprise
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.
EPSS: 80.2%

Added Jul 30, 2024 · CVE-2024-37085 (Ransomware) · VMware ESXi
Tags: enterprise
VMware ESXi Authentication Bypass Vulnerability
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was prev…
EPSS: 80.3%

Added Jul 17, 2024 · CVE-2022-22948 · VMware vCenter Server
Tags: enterprise
VMware vCenter Server Incorrect Default File Permissions Vulnerability
VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information.
EPSS: 26.0%

Added Jul 17, 2024 · CVE-2024-28995 · SolarWinds Serv-U
Tags: enterprise
SolarWinds Serv-U Path Traversal Vulnerability
SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine.
EPSS: 94.4%

Added Jun 13, 2024 · CVE-2024-4358 · Progress Telerik Report Server
Tags: enterprise
Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability
Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.
EPSS: 94.3%

Added Jun 3, 2024 · CVE-2017-3506 · Oracle WebLogic Server
Tags: database, enterprise
Oracle WebLogic Server OS Command Injection Vulnerability
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specia…
EPSS: 94.4%

Added May 1, 2024 · CVE-2023-7028 · GitLab GitLab CE/EE
Tags: enterprise, smb, essential
GitLab Community and Enterprise Editions Improper Access Control Vulnerability
GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified ema…
EPSS: 93.4%

Added Feb 22, 2024 · CVE-2024-1709 (Ransomware) · ConnectWise ScreenConnect
Tags: enterprise, smb, essential
ConnectWise ScreenConnect Authentication Bypass Vulnerability
ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-le…
EPSS: 94.4%

Added Jan 24, 2024 · CVE-2023-22527 (Ransomware) · Atlassian Confluence Data Center and Server
Tags: enterprise, smb, essential
Atlassian Confluence Data Center and Server Template Injection Vulnerability
Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.
EPSS: 94.4%

Added Jan 22, 2024 · CVE-2023-34048 · VMware vCenter Server
Tags: enterprise
VMware vCenter Server Out-of-Bounds Write Vulnerability
VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution.
EPSS: 93.2%

Added Jan 17, 2024 · CVE-2023-6548 · Citrix NetScaler ADC and NetScaler Gateway
Tags: enterprise, vpn, remote
Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NS…
EPSS: 5.7%

Added Jan 17, 2024 · CVE-2023-6549 · Citrix NetScaler ADC and NetScaler Gateway
Tags: enterprise, vpn, remote
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy,…
EPSS: 82.3%

Added Nov 16, 2023 · CVE-2020-2551 · Oracle Fusion Middleware
Tags: database, enterprise
Oracle Fusion Middleware Unspecified Vulnerability
Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the We…
EPSS: 94.4%

Added Nov 7, 2023 · CVE-2023-22518 (Ransomware) · Atlassian Confluence Data Center and Server
Tags: enterprise, smb, essential
Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker.…
EPSS: 94.4%

Added Oct 18, 2023 · CVE-2023-4966 (Ransomware) · Citrix NetScaler ADC and NetScaler Gateway
Tags: enterprise, vpn, remote
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual serve…
EPSS: 94.3%

Added Oct 5, 2023 · CVE-2023-22515 (Ransomware) · Atlassian Confluence Data Center and Server
Tags: enterprise, smb, essential
Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
Atlassian Confluence Data Center and Server contain a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and acc…
EPSS: 94.4%

Added Oct 5, 2023 · CVE-2023-40044 (Ransomware) · Progress WS_FTP Server
Tags: enterprise
Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on…
EPSS: 94.4%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.