Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 91–120 of 233 CVEs · Page 4 of 8 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Oct 23, 2023 CVE-2023-20273 Cisco Cisco IOS XE Web UI
mobile network
Cisco IOS XE Web UI Command Injection Vulnerability
Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privil…
92.6%
Oct 16, 2023 CVE-2023-20198 Cisco IOS XE Web UI
mobile network
Cisco IOS XE Web UI Privilege Escalation Vulnerability
Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege…
94.0%
Oct 10, 2023 CVE-2023-20109 Cisco IOS and IOS XE
mobile network vpn remote
Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability
Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has…
0.6%
Sep 13, 2023 CVE-2023-20269
Ransomware
Cisco Adaptive Security Appliance and Firepower Threat Defense
network
Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute…
1.2%
Jun 29, 2023 CVE-2019-17621 D-Link DIR-859 Router
network
D-Link DIR-859 Router Command Execution Vulnerability
D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system comm…
93.0%
Jun 29, 2023 CVE-2019-20500 D-Link DWL-2600AP Access Point
network
D-Link DWL-2600AP Access Point Command Injection Vulnerability
D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters …
89.9%
Jun 13, 2023 CVE-2023-27997
Ransomware
Fortinet FortiOS and FortiProxy SSL-VPN
network vpn remote
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via spec…
90.8%
May 26, 2023 CVE-2023-2868 Barracuda Networks Email Security Gateway (ESG) Appliance
network
Barracuda Networks ESG Appliance Improper Input Validation Vulnerability
Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection.
89.2%
May 19, 2023 CVE-2004-1464 Cisco IOS
mobile network
Cisco IOS Denial-of-Service Vulnerability
Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases, Hypertext Transport Proto…
2.2%
May 19, 2023 CVE-2016-6415 Cisco IOS, IOS XR, and IOS XE
mobile network
Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability
Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. con…
92.7%
May 12, 2023 CVE-2023-25717 Ruckus Wireless Multiple Products
network
Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can…
94.2%
May 1, 2023 CVE-2023-1389 TP-Link Archer AX21
network
TP-Link Archer AX-21 Command Injection Vulnerability
TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.
93.3%
Apr 19, 2023 CVE-2017-6742 Cisco IOS and IOS XE Software
mobile network
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute cod…
14.8%
Mar 14, 2023 CVE-2022-41328 Fortinet FortiOS
network vpn remote
Fortinet FortiOS Path Traversal Vulnerability
Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands.
0.2%
Dec 13, 2022 CVE-2022-42475
Ransomware
Fortinet FortiOS
network vpn remote
Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or c…
94.0%
Oct 24, 2022 CVE-2020-3153
Ransomware
Cisco AnyConnect Secure
endpoint network smb essential vpn remote
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious…
25.1%
Oct 24, 2022 CVE-2020-3433
Ransomware
Cisco AnyConnect Secure
endpoint network smb essential vpn remote
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at …
3.9%
Oct 11, 2022 CVE-2022-40684
Ransomware
Fortinet Multiple Products
network vpn remote
Fortinet Multiple Products Authentication Bypass Vulnerability
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the admin…
94.4%
Sep 23, 2022 CVE-2022-3236 Sophos Firewall
endpoint network
Sophos Firewall Code Injection Vulnerability
A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.
92.8%
Sep 8, 2022 CVE-2011-4723 D-Link DIR-300 Router
network
D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information.
14.1%
Sep 8, 2022 CVE-2017-5521 NETGEAR Multiple Devices
network
NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability
Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server.
93.8%
Sep 8, 2022 CVE-2018-13374
Ransomware
Fortinet FortiOS and FortiADC
network vpn remote
Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointin…
3.4%
Sep 8, 2022 CVE-2018-6530
Ransomware
D-Link Multiple Routers
network
D-Link Multiple Routers OS Command Injection Vulnerability
Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands.
94.2%
Sep 8, 2022 CVE-2022-26258 D-Link DIR-820L
network
D-Link DIR-820L Remote Code Execution Vulnerability
D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution.
87.2%
Aug 22, 2022 CVE-2022-0028 Palo Alto Networks PAN-OS
network vpn remote
Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability
A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
4.7%
Aug 18, 2022 CVE-2017-15944 Palo Alto Networks PAN-OS
network vpn remote
Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
Palo Alto Networks PAN-OS contains multiple, unspecified vulnerabilities which can allow for remote code execution when chained.
94.0%
Jun 8, 2022 CVE-2017-6862 NETGEAR Multiple Devices
network
NETGEAR Multiple Devices Buffer Overflow Vulnerability
Multiple NETGEAR devices contain a buffer overflow vulnerability that allows for authentication bypass and remote code execution.
43.1%
Jun 8, 2022 CVE-2019-15271 Cisco RV Series Routers
network
Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability
A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attacker to execute code w…
5.6%
May 24, 2022 CVE-2016-6366 Cisco Adaptive Security Appliance (ASA)
network
Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability
A buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to …
90.8%
May 24, 2022 CVE-2016-6367 Cisco Adaptive Security Appliance (ASA)
network
Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability
A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or pote…
18.8%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.