Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Aug 25, 2022 | CVE-2022-24706 | Apache CouchDB | Apache CouchDB Insecure Default Initialization of Resource Vulnerability<br>Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges. | — | 94.4% |
| Jun 27, 2022 | CVE-2021-4034 | Red Hat Polkit | Red Hat Polkit Out-of-Bounds Read and Write Vulnerability<br>The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights. | — | 87.4% |
| May 25, 2022 | CVE-2010-0738 (Ransomware) | Red Hat JBoss | Red Hat JBoss Authentication Bypass Vulnerability<br>The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attacker… | — | 92.4% |
| May 25, 2022 | CVE-2010-0840 | Oracle Java Runtime Environment (JRE) | Oracle JRE Unspecified Vulnerability<br>Unspecified vulnerability in the Java Runtime Environment (JRE) in Java SE component allows remote attackers to affect confidentiality, integrity, and availability via Unknown vec… | — | 92.1% |
| May 25, 2022 | CVE-2010-1428 (Ransomware) | Red Hat JBoss | Red Hat JBoss Information Disclosure Vulnerability<br>Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET… | — | 67.6% |
| May 25, 2022 | CVE-2012-1710 (Ransomware) | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability<br>Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availab… | — | 40.8% |
| May 25, 2022 | CVE-2013-0422 (Ransomware) | Oracle Java Runtime Environment (JRE) | Oracle JRE Remote Code Execution Vulnerability<br>A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system. | — | 93.6% |
| May 25, 2022 | CVE-2013-0431 (Ransomware) | Oracle Java Runtime Environment (JRE) | Oracle JRE Sandbox Bypass Vulnerability<br>Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox. | — | 91.5% |
| May 25, 2022 | CVE-2013-2423 | Oracle Java Runtime Environment (JRE) | Oracle JRE Unspecified Vulnerability<br>Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity. | — | 93.4% |
| May 25, 2022 | CVE-2014-3153 | Linux Kernel | Linux Kernel Privilege Escalation Vulnerability<br>The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges. | — | 75.3% |
| May 25, 2022 | CVE-2019-3010 | Oracle Solaris | Oracle Solaris Privilege Escalation Vulnerability<br>Oracle Solaris component: XScreenSaver contains an unspecified vulnerability that allows for privilege escalation. | — | 53.5% |
| Apr 25, 2022 | CVE-2022-0847 | Linux Kernel | Linux Kernel Privilege Escalation Vulnerability<br>Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker o… | — | 80.8% |
| Apr 13, 2022 | CVE-2018-7602 (Ransomware) | Drupal Core | Drupal Core Remote Code Execution Vulnerability<br>A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site. | — | 94.4% |
| Apr 11, 2022 | CVE-2021-22600 | Linux Kernel | Linux Kernel Privilege Escalation Vulnerability<br>Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service … | — | 0.2% |
| Mar 28, 2022 | CVE-2012-0518 | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability<br>Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors | — | 20.9% |
| Mar 28, 2022 | CVE-2012-5076 | Oracle Java SE | Oracle Java SE Sandbox Bypass Vulnerability<br>The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java applic… | — | 91.4% |
| Mar 28, 2022 | CVE-2013-2465 (Ransomware) | Oracle Java SE | Oracle Java SE Unspecified Vulnerability<br>Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unkn… | — | 93.2% |
| Mar 28, 2022 | CVE-2022-0543 | Redis Debian-specific Redis Servers | Debian-specific Redis Server Lua Sandbox Escape Vulnerability<br>Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | — | 94.4% |
| Mar 25, 2022 | CVE-2013-2251 | Apache Struts | Apache Struts Improper Input Validation Vulnerability<br>Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions. | — | 94.3% |
| Mar 25, 2022 | CVE-2017-12615 (Ransomware) | Apache Tomcat | Apache Tomcat on Windows Remote Code Execution Vulnerability<br>When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested a… | — | 94.2% |
| Mar 25, 2022 | CVE-2017-12617 | Apache Tomcat | Apache Tomcat Remote Code Execution Vulnerability<br>When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be … | — | 94.4% |
| Mar 25, 2022 | CVE-2019-2616 | Oracle BI Publisher (Formerly XML Publisher) | Oracle BI Publisher Unauthorized Access Vulnerability<br>Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerabilit… | — | 94.0% |
| Mar 25, 2022 | CVE-2019-6340 | Drupal Core | Drupal Core Remote Code Execution Vulnerability<br>In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. | — | 94.4% |
| Mar 25, 2022 | CVE-2020-1956 | Apache Kylin | Apache Kylin OS Command Injection Vulnerability<br>Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution. | — | 94.1% |
| Mar 3, 2022 | CVE-2008-3431 | Oracle VirtualBox | Oracle VirtualBox Insufficient Input Validation Vulnerability<br>An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code. | — | 5.4% |
| Mar 3, 2022 | CVE-2011-3544 | Oracle Java SE JDK and JRE | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability<br>An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code. | — | 92.5% |
| Mar 3, 2022 | CVE-2012-0507 (Ransomware) | Oracle Java SE | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability<br>An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code. | — | 93.7% |
| Mar 3, 2022 | CVE-2012-1723 (Ransomware) | Oracle Java SE | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability<br>Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unkn… | — | 94.1% |
| Mar 3, 2022 | CVE-2012-4681 (Ransomware) | Oracle Java SE | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability<br>The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution. | — | 94.1% |
| Mar 3, 2022 | CVE-2015-2590 | Oracle Java SE | Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability<br>An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution. | — | 66.6% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.