Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 61–90 of 129 CVEs · Page 3 of 5 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Jan 31, 2024 CVE-2024-21893
Ransomware
Ivanti Connect Secure, Policy Secure, and Neurons
endpoint vpn remote
Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAM…
94.3%
Jan 18, 2024 CVE-2023-35082
Ransomware
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core
endpoint vpn remote
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resou…
94.4%
Jan 17, 2024 CVE-2023-6548 Citrix NetScaler ADC and NetScaler Gateway
enterprise vpn remote
Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NS…
5.7%
Jan 17, 2024 CVE-2023-6549 Citrix NetScaler ADC and NetScaler Gateway
enterprise vpn remote
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy,…
82.3%
Jan 10, 2024 CVE-2023-46805
Ransomware
Ivanti Connect Secure and Policy Secure
endpoint vpn remote
Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allo…
94.4%
Jan 10, 2024 CVE-2024-21887
Ransomware
Ivanti Connect Secure and Policy Secure
endpoint vpn remote
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, whi…
94.4%
Oct 31, 2023 CVE-2023-46747
Ransomware
F5 BIG-IP Configuration Utility
network vpn remote
F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability
F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated at…
94.4%
Oct 31, 2023 CVE-2023-46748 F5 BIG-IP Configuration Utility
network vpn remote
F5 BIG-IP Configuration Utility SQL Injection Vulnerability
F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self…
4.3%
Oct 18, 2023 CVE-2023-4966
Ransomware
Citrix NetScaler ADC and NetScaler Gateway
enterprise vpn remote
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual serve…
94.3%
Oct 10, 2023 CVE-2023-20109 Cisco IOS and IOS XE
mobile network vpn remote
Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability
Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has…
0.6%
Aug 22, 2023 CVE-2023-38035
Ransomware
Ivanti Sentry
endpoint vpn remote
Ivanti Sentry Authentication Bypass Vulnerability
Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrat…
94.4%
Aug 16, 2023 CVE-2023-24489 Citrix Content Collaboration
enterprise vpn remote
Citrix Content Collaboration ShareFile Improper Access Control Vulnerability
Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile stora…
94.4%
Jul 31, 2023 CVE-2023-35081 Ivanti Endpoint Manager Mobile (EPMM)
endpoint vpn remote
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This…
90.7%
Jul 25, 2023 CVE-2023-35078
Ransomware
Ivanti Endpoint Manager Mobile (EPMM)
endpoint vpn remote
Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths.…
94.4%
Jul 19, 2023 CVE-2023-3519
Ransomware
Citrix NetScaler ADC and NetScaler Gateway
enterprise vpn remote
Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.
93.5%
Jun 13, 2023 CVE-2023-27997
Ransomware
Fortinet FortiOS and FortiProxy SSL-VPN
network vpn remote
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via spec…
90.8%
Mar 14, 2023 CVE-2022-41328 Fortinet FortiOS
network vpn remote
Fortinet FortiOS Path Traversal Vulnerability
Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands.
0.2%
Dec 13, 2022 CVE-2022-27518 Citrix Application Delivery Controller (ADC) and Gateway
enterprise vpn remote
Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability
Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker…
27.7%
Dec 13, 2022 CVE-2022-42475
Ransomware
Fortinet FortiOS
network vpn remote
Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or c…
94.0%
Oct 24, 2022 CVE-2020-3153
Ransomware
Cisco AnyConnect Secure
endpoint network smb essential vpn remote
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious…
25.1%
Oct 24, 2022 CVE-2020-3433
Ransomware
Cisco AnyConnect Secure
endpoint network smb essential vpn remote
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at …
3.9%
Oct 11, 2022 CVE-2022-40684
Ransomware
Fortinet Multiple Products
network vpn remote
Fortinet Multiple Products Authentication Bypass Vulnerability
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the admin…
94.4%
Sep 8, 2022 CVE-2018-13374
Ransomware
Fortinet FortiOS and FortiADC
network vpn remote
Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointin…
3.4%
Aug 22, 2022 CVE-2022-0028 Palo Alto Networks PAN-OS
network vpn remote
Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability
A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
4.7%
Aug 18, 2022 CVE-2017-15944 Palo Alto Networks PAN-OS
network vpn remote
Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
Palo Alto Networks PAN-OS contains multiple, unspecified vulnerabilities which can allow for remote code execution when chained.
94.0%
May 10, 2022 CVE-2022-1388
Ransomware
F5 BIG-IP
network vpn remote
F5 BIG-IP Missing Authentication Vulnerability
F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.
94.5%
Mar 28, 2022 CVE-2019-7483 SonicWall SMA100
network vpn remote
SonicWall SMA100 Directory Traversal Vulnerability
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
47.9%
Mar 28, 2022 CVE-2021-20028
Ransomware
SonicWall Secure Remote Access (SRA)
network vpn remote
SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability
SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.
80.3%
Mar 25, 2022 CVE-2017-6316 Citrix NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server
enterprise network vpn remote
Citrix Multiple Products Remote Code Execution Vulnerability
A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could re…
87.9%
Mar 25, 2022 CVE-2018-0125 Cisco VPN Routers
network vpn remote
Cisco VPN Routers Remote Code Execution Vulnerability
A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affecte…
29.5%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.