Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 61–90 of 132 CVEs · Page 3 of 5 · 30 per page
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Aug 25, 2022 | CVE-2022-24706 | Apache CouchDB · web server | Apache CouchDB Insecure Default Initialization of Resource Vulnerability: Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges. | | 94.4% |
| Jun 27, 2022 | CVE-2021-4034 | Red Hat Polkit · server os | Red Hat Polkit Out-of-Bounds Read and Write Vulnerability: The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights. | | 87.4% |
| May 25, 2022 | CVE-2010-0738 · Ransomware | Red Hat JBoss · server os | Red Hat JBoss Authentication Bypass Vulnerability: The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attacker… | | 92.4% |
| May 25, 2022 | CVE-2010-0840 | Oracle Java Runtime Environment (JRE) · database enterprise | Oracle JRE Unspecified Vulnerability: Unspecified vulnerability in the Java Runtime Environment (JRE) in Java SE component allows remote attackers to affect confidentiality, integrity, and availability via Unknown vec… | | 92.1% |
| May 25, 2022 | CVE-2010-1428 · Ransomware | Red Hat JBoss · server os | Red Hat JBoss Information Disclosure Vulnerability: Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET… | | 67.6% |
| May 25, 2022 | CVE-2012-1710 · Ransomware | Oracle Fusion Middleware · database enterprise | Oracle Fusion Middleware Unspecified Vulnerability: Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availab… | | 40.8% |
| May 25, 2022 | CVE-2013-0422 · Ransomware | Oracle Java Runtime Environment (JRE) · database enterprise | Oracle JRE Remote Code Execution Vulnerability: A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system. | | 93.6% |
| May 25, 2022 | CVE-2013-0431 · Ransomware | Oracle Java Runtime Environment (JRE) · database enterprise | Oracle JRE Sandbox Bypass Vulnerability: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox. | | 91.5% |
| May 25, 2022 | CVE-2013-2423 | Oracle Java Runtime Environment (JRE) · database enterprise | Oracle JRE Unspecified Vulnerability: Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity. | | 93.4% |
| May 25, 2022 | CVE-2014-3153 | Linux Kernel · server os | Linux Kernel Privilege Escalation Vulnerability: The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges. | | 75.3% |
| May 25, 2022 | CVE-2019-3010 | Oracle Solaris · database enterprise | Oracle Solaris Privilege Escalation Vulnerability: Oracle Solaris component: XScreenSaver contains an unspecified vulnerability that allows for privilege escalation. | | 53.5% |
| Apr 25, 2022 | CVE-2022-0847 | Linux Kernel · server os | Linux Kernel Privilege Escalation Vulnerability: Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker o… | | 80.8% |
| Apr 13, 2022 | CVE-2018-7602 · Ransomware | Drupal Core · web server | Drupal Core Remote Code Execution Vulnerability: A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site. | | 94.4% |
| Apr 11, 2022 | CVE-2021-22600 | Linux Kernel · server os | Linux Kernel Privilege Escalation Vulnerability: Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service … | | 0.2% |
| Mar 28, 2022 | CVE-2012-0518 | Oracle Fusion Middleware · database enterprise | Oracle Fusion Middleware Unspecified Vulnerability: Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors. | | 20.9% |
| Mar 28, 2022 | CVE-2012-5076 | Oracle Java SE · database enterprise | Oracle Java SE Sandbox Bypass Vulnerability: The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java applic… | | 91.4% |
| Mar 28, 2022 | CVE-2013-2465 · Ransomware | Oracle Java SE · database enterprise | Oracle Java SE Unspecified Vulnerability: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unkn… | | 93.2% |
| Mar 28, 2022 | CVE-2022-0543 | Redis Debian-specific Redis Servers · database | Debian-specific Redis Server Lua Sandbox Escape Vulnerability: Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | | 94.4% |
| Mar 25, 2022 | CVE-2013-2251 | Apache Struts · web server | Apache Struts Improper Input Validation Vulnerability: Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions. | | 94.3% |
| Mar 25, 2022 | CVE-2017-12615 · Ransomware | Apache Tomcat · endpoint smb essential web server | Apache Tomcat on Windows Remote Code Execution Vulnerability: When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested a… | | 94.2% |
| Mar 25, 2022 | CVE-2017-12617 | Apache Tomcat · web server | Apache Tomcat Remote Code Execution Vulnerability: When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be … | | 94.4% |
| Mar 25, 2022 | CVE-2019-2616 | Oracle BI Publisher (Formerly XML Publisher) · database enterprise | Oracle BI Publisher Unauthorized Access Vulnerability: Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerabilit… | | 94.0% |
| Mar 25, 2022 | CVE-2019-6340 | Drupal Core · web server | Drupal Core Remote Code Execution Vulnerability: In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. | | 94.4% |
| Mar 25, 2022 | CVE-2020-1956 | Apache Kylin · web server | Apache Kylin OS Command Injection Vulnerability: Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution. | | 94.1% |
| Mar 3, 2022 | CVE-2008-3431 | Oracle VirtualBox · database enterprise | Oracle VirtualBox Insufficient Input Validation Vulnerability: An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code. | | 5.4% |
| Mar 3, 2022 | CVE-2011-3544 | Oracle Java SE JDK and JRE · database enterprise | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability: An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment that allows an attacker to remotely execute arbitrary code. | | 92.5% |
| Mar 3, 2022 | CVE-2012-0507 · Ransomware | Oracle Java SE · database enterprise | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability: An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment that allows an attacker to remotely execute arbitrary code. | | 93.7% |
| Mar 3, 2022 | CVE-2012-1723 · Ransomware | Oracle Java SE · database enterprise | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unkn… | | 94.1% |
| Mar 3, 2022 | CVE-2012-4681 · Ransomware | Oracle Java SE · database enterprise | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability: The Java Runtime Environment (JRE) component in Oracle Java SE allows for remote code execution. | | 94.1% |
| Mar 3, 2022 | CVE-2015-2590 | Oracle Java SE · database enterprise | Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability: An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution. | | 66.6% |

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.