Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 1,081–1,110 of 1,619 CVEs · Page 37 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Mar 25, 2022 CVE-2017-3881 Cisco IOS and IOS XE
mobile network
Cisco IOS and IOS XE Remote Code Execution Vulnerability
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a re…
94.3%
Mar 25, 2022 CVE-2017-6316 Citrix NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server
enterprise network vpn remote
Citrix Multiple Products Remote Code Execution Vulnerability
A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could re…
87.9%
Mar 25, 2022 CVE-2017-6334 NETGEAR DGN2200 Devices
network
NETGEAR DGN2200 Devices OS Command Injection Vulnerability
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands
89.2%
Mar 25, 2022 CVE-2018-0125 Cisco VPN Routers
network vpn remote
Cisco VPN Routers Remote Code Execution Vulnerability
A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affecte…
29.5%
Mar 25, 2022 CVE-2018-0147 Cisco Secure Access Control System (ACS)
network
Cisco Secure Access Control System Java Deserialization Vulnerability
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affect…
4.0%
Mar 25, 2022 CVE-2018-11138
Ransomware
Quest KACE System Management Appliance
Quest KACE System Management Appliance Remote Command Execution Vulnerability
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.
93.4%
Mar 25, 2022 CVE-2018-1273
Ransomware
VMware Tanzu Spring Data Commons
VMware Tanzu Spring Data Commons Property Binder Vulnerability
Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution.
94.3%
Mar 25, 2022 CVE-2018-14839 LG N1A1 NAS
LG N1A1 NAS Remote Command Execution Vulnerability
LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability.
89.3%
Mar 25, 2022 CVE-2018-6961 VMware SD-WAN Edge
browser enterprise network smb essential
VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code executi…
93.9%
Mar 25, 2022 CVE-2018-8373 Microsoft Internet Explorer Scripting Engine
endpoint m365 smb essential
Microsoft Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
82.5%
Mar 25, 2022 CVE-2018-8414 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Shell Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.
89.2%
Mar 25, 2022 CVE-2019-0903 Microsoft Graphics Device Interface (GDI)
endpoint m365 smb essential
Microsoft GDI Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this…
34.4%
Mar 25, 2022 CVE-2019-1003030 Jenkins Matrix Project Plugin
Jenkins Matrix Project Plugin Remote Code Execution Vulnerability
Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.
91.8%
Mar 25, 2022 CVE-2019-10068 Kentico Xperience
Kentico Xperience Deserialization of Untrusted Data Vulnerability
Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution.
93.8%
Mar 25, 2022 CVE-2019-11043
Ransomware
PHP FastCGI Process Manager (FPM)
PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code executio…
94.1%
Mar 25, 2022 CVE-2019-12989 Citrix SD-WAN and NetScaler
enterprise network vpn remote
Citrix SD-WAN and NetScaler SQL Injection Vulnerability
Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.
91.5%
Mar 25, 2022 CVE-2019-12991 Citrix SD-WAN and NetScaler
enterprise network vpn remote
Citrix SD-WAN and NetScaler Command Injection Vulnerability
Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.
80.8%
Mar 25, 2022 CVE-2019-15107
Ransomware
Webmin Webmin
Webmin Command Injection Vulnerability
An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.
94.5%
Mar 25, 2022 CVE-2019-16920 D-Link Multiple Routers
network
D-Link Multiple Routers Command Injection Vulnerability
Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.
94.3%
Mar 25, 2022 CVE-2019-2616 Oracle BI Publisher (Formerly XML Publisher)
database enterprise
Oracle BI Publisher Unauthorized Access Vulnerability
Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerabilit…
94.0%
Mar 25, 2022 CVE-2019-6340 Drupal Core
web server
Drupal Core Remote Code Execution Vulnerability
In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
94.4%
Mar 25, 2022 CVE-2020-1631 Juniper Junos OS
network
Juniper Junos OS Path Traversal Vulnerability
A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero To…
5.4%
Mar 25, 2022 CVE-2020-1956 Apache Kylin
web server
Apache Kylin OS Command Injection Vulnerability
Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.
94.1%
Mar 25, 2022 CVE-2020-2021
Ransomware
Palo Alto Networks PAN-OS
network vpn remote
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.
19.0%
Mar 25, 2022 CVE-2020-2506 QNAP Systems Helpdesk
QNAP Helpdesk Improper Access Control Vulnerability
QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.
18.0%
Mar 25, 2022 CVE-2020-25223 Sophos SG UTM
endpoint network
Sophos SG UTM Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.
94.3%
Mar 25, 2022 CVE-2020-5410 VMware Tanzu Spring Cloud Configuration (Config) Server
VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability
Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.
94.3%
Mar 25, 2022 CVE-2020-7247 OpenBSD OpenSMTPD
OpenSMTPD Remote Code Execution Vulnerability
smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.
94.1%
Mar 25, 2022 CVE-2020-9054 Zyxel Multiple Network-Attached Storage (NAS) Devices
Zyxel Multiple NAS Devices OS Command Injection Vulnerability
Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute a…
94.3%
Mar 25, 2022 CVE-2020-9377 D-Link DIR-610 Devices
network
D-Link DIR-610 Devices Remote Command Execution
D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.
76.6%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.