Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 1,051–1,080 of 1,619 CVEs · Page 36 of 54 · 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Mar 25, 2022 CVE-2009-0927 Adobe Reader and Acrobat
smb essential
Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.
93.8%
Mar 25, 2022 CVE-2009-1151 phpMyAdmin phpMyAdmin
phpMyAdmin Remote Code Execution Vulnerability
Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file.
93.3%
Mar 25, 2022 CVE-2009-2055 Cisco IOS XR
mobile network
Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability
Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
0.8%
Mar 25, 2022 CVE-2010-2861
Ransomware
Adobe ColdFusion
smb essential
Adobe ColdFusion Directory Traversal Vulnerability
A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.
94.2%
Mar 25, 2022 CVE-2010-3035 Cisco IOS XR
mobile network
Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability
Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
5.3%
Mar 25, 2022 CVE-2010-4344 Exim Exim
Exim Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.
51.9%
Mar 25, 2022 CVE-2010-4345 Exim Exim
Exim Privilege Escalation Vulnerability
Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary c…
6.5%
Mar 25, 2022 CVE-2012-1823 PHP PHP
PHP-CGI Query String Parameter Vulnerability
sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.
94.4%
Mar 25, 2022 CVE-2013-2251 Apache Struts
web server
Apache Struts Improper Input Validation Vulnerability
Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.
94.3%
Mar 25, 2022 CVE-2013-4810 Hewlett Packard (HP) ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management
HP Multiple Products Remote Code Execution Vulnerability
HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1…
89.7%
Mar 25, 2022 CVE-2013-5223 D-Link DSL-2760U
network
D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.
30.1%
Mar 25, 2022 CVE-2014-0130 Rails Ruby on Rails
Ruby on Rails Directory Traversal Vulnerability
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary fi…
52.7%
Mar 25, 2022 CVE-2014-3120 Elastic Elasticsearch
Elasticsearch Remote Code Execution Vulnerability
Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.
85.3%
Mar 25, 2022 CVE-2014-6287 Rejetto HTTP File Server (HFS)
Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.
94.4%
Mar 25, 2022 CVE-2014-6324 Microsoft Kerberos Key Distribution Center (KDC)
endpoint m365 smb essential
Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability
The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges.
90.4%
Mar 25, 2022 CVE-2014-6332 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability
OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.
94.1%
Mar 25, 2022 CVE-2015-0666 Cisco Prime Data Center Network Manager (DCNM)
network
Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files.
60.0%
Mar 25, 2022 CVE-2015-1187 D-Link and TRENDnet Multiple Devices
D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to perform remote code execution.
82.9%
Mar 25, 2022 CVE-2015-1427 Elastic Elasticsearch
Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability
The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.
92.3%
Mar 25, 2022 CVE-2015-3035 TP-Link Multiple Archer Devices
network
TP-Link Multiple Archer Devices Directory Traversal Vulnerability
Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
92.5%
Mar 25, 2022 CVE-2015-4068 Arcserve Unified Data Protection (UDP)
Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability
Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service.
80.4%
Mar 25, 2022 CVE-2016-0752 Rails Ruby on Rails
Ruby on Rails Directory Traversal Vulnerability
Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.
90.5%
Mar 25, 2022 CVE-2016-10174 NETGEAR WNR2000v5 Router
network
NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability
The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.
91.1%
Mar 25, 2022 CVE-2016-11021 D-Link DCS-930L Devices
network
D-Link DCS-930L Devices OS Command Injection Vulnerability
setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.
90.5%
Mar 25, 2022 CVE-2016-1555 NETGEAR Wireless Access Point (WAP) Devices
network
NETGEAR Multiple WAP Devices Command Injection Vulnerability
Multiple NETGEAR Wireless Access Point devices allow unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code e…
94.3%
Mar 25, 2022 CVE-2016-4171 Adobe Flash Player
smb essential
Adobe Flash Player Remote Code Execution Vulnerability
Unspecified vulnerability in Adobe Flash Player allows for remote code execution.
44.2%
Mar 25, 2022 CVE-2016-7892 Adobe Flash Player
smb essential
Adobe Flash Player Use-After-Free Vulnerability
Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.
22.0%
Mar 25, 2022 CVE-2017-0146
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SMB Remote Code Execution Vulnerability
The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.
93.3%
Mar 25, 2022 CVE-2017-12615
Ransomware
Apache Tomcat
endpoint smb essential web server
Apache Tomcat on Windows Remote Code Execution Vulnerability
When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested a…
94.2%
Mar 25, 2022 CVE-2017-12617 Apache Tomcat
web server
Apache Tomcat Remote Code Execution Vulnerability
When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be …
94.4%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.