Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 61–90 of 233 CVEs · Page 3 of 8 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Nov 14, 2024 CVE-2024-9463 Palo Alto Networks Expedition
network vpn remote
Palo Alto Networks Expedition OS Command Injection Vulnerability
Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting …
94.2%
Nov 14, 2024 CVE-2024-9465 Palo Alto Networks Expedition
network vpn remote
Palo Alto Networks Expedition SQL Injection Vulnerability
Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usern…
94.3%
Nov 12, 2024 CVE-2014-2120 Cisco Adaptive Security Appliance (ASA)
network
Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability
Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrar…
75.1%
Nov 7, 2024 CVE-2024-5910 Palo Alto Networks Expedition
network vpn remote
Palo Alto Networks Expedition Missing Authentication Vulnerability
Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially a…
91.0%
Oct 24, 2024 CVE-2024-20481 Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
network
Cisco ASA and FTD Denial-of-Service Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after effective lifetime vulnerability that could allow an unauthe…
11.1%
Oct 23, 2024 CVE-2024-47575 Fortinet FortiManager
network vpn remote
Fortinet FortiManager Missing Authentication Vulnerability
Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via …
93.9%
Oct 9, 2024 CVE-2024-23113 Fortinet Multiple Products
network vpn remote
Fortinet Multiple Products Format String Vulnerability
Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via…
54.4%
Sep 30, 2024 CVE-2023-25280 D-Link DIR-820 Router
network
D-Link DIR-820 Router OS Command Injection Vulnerability
D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the p…
93.1%
Sep 9, 2024 CVE-2024-40766
Ransomware
SonicWall SonicOS
network vpn remote
SonicWall SonicOS Improper Access Control Vulnerability
SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
3.4%
Jul 2, 2024 CVE-2024-20399 Cisco NX-OS
network
Cisco NX-OS Command Injection Vulnerability
Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the und…
0.7%
May 30, 2024 CVE-2024-24919
Ransomware
Check Point Quantum Security Gateways
network vpn remote
Check Point Quantum Security Gateways Information Disclosure Vulnerability
Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gatewa…
94.3%
May 16, 2024 CVE-2014-100005 D-Link DIR-600 Router
network
D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability
D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator ses…
45.3%
May 16, 2024 CVE-2021-40655 D-Link DIR-605 Router
network
D-Link DIR-605 Router Information Disclosure Vulnerability
D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page.
92.6%
Apr 24, 2024 CVE-2024-20353 Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
network
Cisco ASA and FTD Denial of Service Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an infinite loop vulnerability that can lead to remote denial of service condition.
18.8%
Apr 24, 2024 CVE-2024-20359 Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
network
Cisco ASA and FTD Privilege Escalation Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrato…
0.1%
Apr 12, 2024 CVE-2024-3400
Ransomware
Palo Alto Networks PAN-OS
network vpn remote
Palo Alto Networks PAN-OS Command Injection Vulnerability
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the …
94.3%
Apr 11, 2024 CVE-2024-3272 D-Link Multiple NAS Devices
network
D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthoriz…
94.1%
Apr 11, 2024 CVE-2024-3273 D-Link Multiple NAS Devices
network
D-Link Multiple NAS Devices Command Injection Vulnerability
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution.
94.4%
Mar 25, 2024 CVE-2023-48788
Ransomware
Fortinet FortiClient EMS
network vpn remote
Fortinet FortiClient EMS SQL Injection Vulnerability
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
94.1%
Feb 15, 2024 CVE-2020-3259
Ransomware
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
network
Cisco ASA and FTD Information Disclosure Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affect…
69.7%
Feb 9, 2024 CVE-2024-21762
Ransomware
Fortinet FortiOS
network vpn remote
Fortinet FortiOS Out-of-Bound Write Vulnerability
Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.
92.6%
Jan 8, 2024 CVE-2016-20017 D-Link DSL-2750B Devices
network
D-Link DSL-2750B Devices Command Injection Vulnerability
D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter.
92.1%
Nov 16, 2023 CVE-2023-1671 Sophos Web Appliance
endpoint network
Sophos Web Appliance Command Injection Vulnerability
Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.
94.3%
Nov 13, 2023 CVE-2023-36844 Juniper Junos OS
network
Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain, important envi…
94.2%
Nov 13, 2023 CVE-2023-36845 Juniper Junos OS
network
Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability
Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an impor…
94.4%
Nov 13, 2023 CVE-2023-36846 Juniper Junos OS
network
Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact…
94.3%
Nov 13, 2023 CVE-2023-36847 Juniper Junos OS
network
Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability
Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact …
93.9%
Nov 13, 2023 CVE-2023-36851 Juniper Junos OS
network
Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact…
14.9%
Oct 31, 2023 CVE-2023-46747
Ransomware
F5 BIG-IP Configuration Utility
network vpn remote
F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability
F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated at…
94.4%
Oct 31, 2023 CVE-2023-46748 F5 BIG-IP Configuration Utility
network vpn remote
F5 BIG-IP Configuration Utility SQL Injection Vulnerability
F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self…
4.3%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.