Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 61–90 of 171 CVEs · Page 3 of 6 · 30 per page
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Aug 22, 2023 | CVE-2023-27532 [Ransomware] | Veeam Backup & Replication [enterprise] | Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability: Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the b… | | 83.6% |
| Aug 16, 2023 | CVE-2023-24489 | Citrix Content Collaboration [enterprise vpn remote] | Citrix Content Collaboration ShareFile Improper Access Control Vulnerability: Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile stora… | | 94.4% |
| Jul 19, 2023 | CVE-2023-3519 [Ransomware] | Citrix NetScaler ADC and NetScaler Gateway [enterprise vpn remote] | Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability: Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution. | | 93.5% |
| Jun 23, 2023 | CVE-2023-20867 | VMware Tools [enterprise] | VMware Tools Authentication Bypass Vulnerability: VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest opera… | | 2.2% |
| Jun 22, 2023 | CVE-2023-20887 | VMware Aria Operations for Networks [enterprise] | VMware Aria Operations for Networks Command Injection Vulnerability: VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an … | | 94.3% |
| Jun 2, 2023 | CVE-2023-34362 [Ransomware] | Progress MOVEit Transfer [enterprise] | Progress MOVEit Transfer SQL Injection Vulnerability: Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending o… | | 94.3% |
| May 12, 2023 | CVE-2016-3427 | Oracle Java SE and JRockit [database enterprise] | Oracle Java SE and JRockit Unspecified Vulnerability: Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Ma… | | 93.3% |
| May 1, 2023 | CVE-2023-21839 | Oracle WebLogic Server [database enterprise] | Oracle WebLogic Server Unspecified Vulnerability: Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server. | | 94.2% |
| Feb 21, 2023 | CVE-2022-47986 [Ransomware] | IBM Aspera Faspex [enterprise] | IBM Aspera Faspex Code Execution Vulnerability: IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw. | | 94.3% |
| Feb 16, 2023 | CVE-2022-46169 | Cacti Cacti [enterprise] | Cacti Command Injection Vulnerability: Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code. | | 94.5% |
| Feb 2, 2023 | CVE-2022-21587 [Ransomware] | Oracle E-Business Suite [database enterprise] | Oracle E-Business Suite Unspecified Vulnerability: Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop In… | | 94.4% |
| Dec 13, 2022 | CVE-2022-26500 [Ransomware] | Veeam Backup & Replication [enterprise] | Veeam Backup & Replication Remote Code Execution Vulnerability: The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the inter… | | 19.0% |
| Dec 13, 2022 | CVE-2022-26501 [Ransomware] | Veeam Backup & Replication [enterprise] | Veeam Backup & Replication Remote Code Execution Vulnerability: The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the inter… | | 75.4% |
| Dec 13, 2022 | CVE-2022-27518 | Citrix Application Delivery Controller (ADC) and Gateway [enterprise vpn remote] | Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability: Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker… | | 27.7% |
| Nov 28, 2022 | CVE-2021-35587 | Oracle Fusion Middleware [database enterprise] | Oracle Fusion Middleware Unspecified Vulnerability: Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to take over the Access Manager product. | | 94.3% |
| Sep 30, 2022 | CVE-2022-36804 | Atlassian Bitbucket Server and Data Center [enterprise smb essential] | Atlassian Bitbucket Server and Data Center Command Injection Vulnerability: Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or w… | | 94.4% |
| Sep 8, 2022 | CVE-2018-2628 | Oracle WebLogic Server [database enterprise] | Oracle WebLogic Server Unspecified Vulnerability: Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server. | | 94.4% |
| Aug 18, 2022 | CVE-2022-22536 | SAP Multiple Products [enterprise] | SAP Multiple Products HTTP Request Smuggling Vulnerability: SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthentic… | | 93.8% |
| Jul 29, 2022 | CVE-2022-26138 | Atlassian Confluence [enterprise smb essential] | Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability: Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to … | | 94.3% |
| Jun 9, 2022 | CVE-2016-2386 | SAP NetWeaver [enterprise] | SAP NetWeaver SQL Injection Vulnerability: SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | | 44.5% |
| Jun 9, 2022 | CVE-2016-2388 | SAP NetWeaver [enterprise] | SAP NetWeaver Information Disclosure Vulnerability: The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request. | | 67.8% |
| Jun 9, 2022 | CVE-2021-38163 | SAP NetWeaver [enterprise] | SAP NetWeaver Unrestricted File Upload Vulnerability: SAP NetWeaver contains a vulnerability that allows unrestricted file upload. | | 83.5% |
| Jun 2, 2022 | CVE-2022-26134 [Ransomware] | Atlassian Confluence Server/Data Center [enterprise smb essential] | Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability: Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution. | | 94.4% |
| May 25, 2022 | CVE-2010-0840 | Oracle Java Runtime Environment (JRE) [database enterprise] | Oracle JRE Unspecified Vulnerability: Unspecified vulnerability in the Java Runtime Environment (JRE) in Java SE component allows remote attackers to affect confidentiality, integrity, and availability via Unknown vec… | | 92.1% |
| May 25, 2022 | CVE-2012-1710 [Ransomware] | Oracle Fusion Middleware [database enterprise] | Oracle Fusion Middleware Unspecified Vulnerability: Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availab… | | 40.8% |
| May 25, 2022 | CVE-2013-0422 [Ransomware] | Oracle Java Runtime Environment (JRE) [database enterprise] | Oracle JRE Remote Code Execution Vulnerability: A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system. | | 93.6% |
| May 25, 2022 | CVE-2013-0431 [Ransomware] | Oracle Java Runtime Environment (JRE) [database enterprise] | Oracle JRE Sandbox Bypass Vulnerability: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox. | | 91.5% |
| May 25, 2022 | CVE-2013-2423 | Oracle Java Runtime Environment (JRE) [database enterprise] | Oracle JRE Unspecified Vulnerability: Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity. | | 93.4% |
| May 25, 2022 | CVE-2013-3993 [Ransomware] | IBM InfoSphere BigInsights [enterprise] | IBM InfoSphere BigInsights Invalid Input Vulnerability: Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data. | | 26.5% |
| May 25, 2022 | CVE-2019-3010 | Oracle Solaris [database enterprise] | Oracle Solaris Privilege Escalation Vulnerability: Oracle Solaris component: XScreenSaver contains an unspecified vulnerability that allows for privilege escalation. | | 53.5% |

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.