Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 31–60 of 132 CVEs · Page 2 of 5 · 30 per page

Each entry lists: date added · CVE · vendor / product · category · Ransomware tag where present · EPSS exploit probability, followed by the CISA name and description.

Aug 27, 2024 · CVE-2024-38856 · Apache OFBiz · web server · EPSS 94.4%
Apache OFBiz Incorrect Authorization Vulnerability
Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthent…

Aug 21, 2024 · CVE-2022-0185 · Linux Kernel · server os · EPSS 1.9%
Linux Kernel Heap-Based Buffer Overflow Vulnerability
Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a file…

Aug 7, 2024 · CVE-2024-32113 · Apache OFBiz · web server · EPSS 94.0%
Apache OFBiz Path Traversal Vulnerability
Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution.

Jun 26, 2024 · CVE-2022-2586 · Linux Kernel · server os · EPSS 2.7%
Linux Kernel Use-After-Free Vulnerability
Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges.

Jun 3, 2024 · CVE-2017-3506 · Oracle WebLogic Server · database enterprise · EPSS 94.4%
Oracle WebLogic Server OS Command Injection Vulnerability
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specia…

May 30, 2024 · CVE-2024-1086 · Linux Kernel · server os · Ransomware · EPSS 84.6%
Linux Kernel Use-After-Free Vulnerability
Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.

May 23, 2024 · CVE-2020-17519 · Apache Flink · web server · EPSS 94.3%
Apache Flink Improper Access Control Vulnerability
Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface.

Jan 8, 2024 · CVE-2023-23752 · Joomla! / Joomla! · web server · EPSS 94.5%
Joomla! Improper Access Control Vulnerability
Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints.

Jan 8, 2024 · CVE-2023-27524 · Apache Superset · web server · EPSS 84.0%
Apache Superset Insecure Default Initialization of Resource Vulnerability
Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations …

Nov 16, 2023 · CVE-2020-2551 · Oracle Fusion Middleware · database enterprise · EPSS 94.4%
Oracle Fusion Middleware Unspecified Vulnerability
Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the We…

Nov 2, 2023 · CVE-2023-46604 · Apache ActiveMQ · web server · Ransomware · EPSS 94.4%
Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating s…

Sep 28, 2023 · CVE-2018-14667 · Red Hat JBoss RichFaces Framework · server os · EPSS 89.5%
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vuln…

Sep 6, 2023 · CVE-2023-33246 · Apache RocketMQ · web server · EPSS 94.4%
Apache RocketMQ Command Execution Vulnerability
Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vul…

May 12, 2023 · CVE-2010-3904 · Linux Kernel · server os · EPSS 2.2%
Linux Kernel Improper Input Validation Vulnerability
Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via craf…

May 12, 2023 · CVE-2014-0196 · Linux Kernel · server os · EPSS 49.9%
Linux Kernel Race Condition Vulnerability
Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and wri…

May 12, 2023 · CVE-2016-3427 · Oracle Java SE and JRockit · database enterprise · EPSS 93.3%
Oracle Java SE and JRockit Unspecified Vulnerability
Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Ma…

May 12, 2023 · CVE-2016-8735 · Apache Tomcat · web server · EPSS 93.8%
Apache Tomcat Remote Code Execution Vulnerability
Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension…

May 12, 2023 · CVE-2021-3560 · Red Hat Polkit · server os · EPSS 10.4%
Red Hat Polkit Incorrect Authorization Vulnerability
Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.

May 1, 2023 · CVE-2021-45046 · Apache Log4j2 · web server · Ransomware · EPSS 94.3%
Apache Log4j2 Deserialization of Untrusted Data Vulnerability
Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remo…

May 1, 2023 · CVE-2023-21839 · Oracle WebLogic Server · database enterprise · EPSS 94.2%
Oracle WebLogic Server Unspecified Vulnerability
Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server.

Mar 30, 2023 · CVE-2023-0266 · Linux Kernel · server os · EPSS 0.2%
Linux Kernel Use-After-Free Vulnerability
Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.

Mar 7, 2023 · CVE-2022-33891 · Apache Spark · web server · EPSS 93.5%
Apache Spark Command Injection Vulnerability
Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.

Feb 2, 2023 · CVE-2022-21587 · Oracle E-Business Suite · database enterprise · Ransomware · EPSS 94.4%
Oracle E-Business Suite Unspecified Vulnerability
Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop In…

Nov 28, 2022 · CVE-2021-35587 · Oracle Fusion Middleware · database enterprise · EPSS 94.3%
Oracle Fusion Middleware Unspecified Vulnerability
Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to take over the Access Manager product.

Oct 20, 2022 · CVE-2021-3493 · Linux Kernel · server os · EPSS 80.0%
Linux Kernel Privilege Escalation Vulnerability
The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalatio…

Sep 15, 2022 · CVE-2013-2094 · Linux Kernel · server os · EPSS 65.9%
Linux Kernel Privilege Escalation Vulnerability
Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting in out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explot…

Sep 15, 2022 · CVE-2013-2596 · Linux Kernel · server os · EPSS 3.1%
Linux Kernel Integer Overflow Vulnerability
Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation.

Sep 15, 2022 · CVE-2013-6282 · Linux Kernel · server os · EPSS 67.7%
Linux Kernel Improper Input Validation Vulnerability
The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and wri…

Sep 8, 2022 · CVE-2018-2628 · Oracle WebLogic Server · database enterprise · EPSS 94.4%
Oracle WebLogic Server Unspecified Vulnerability
Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server.

Aug 25, 2022 · CVE-2022-24112 · Apache APISIX · web server · EPSS 94.4%
Apache APISIX Authentication Bypass Vulnerability
Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution.

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.