Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 91–120 of 129 CVEs · Page 4 of 5 · 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Mar 25, 2022 CVE-2019-12989 Citrix SD-WAN and NetScaler
enterprise network vpn remote
Citrix SD-WAN and NetScaler SQL Injection Vulnerability
Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.
91.5%
Mar 25, 2022 CVE-2019-12991 Citrix SD-WAN and NetScaler
enterprise network vpn remote
Citrix SD-WAN and NetScaler Command Injection Vulnerability
Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.
80.8%
Mar 25, 2022 CVE-2020-2021
Ransomware
Palo Alto Networks PAN-OS
network vpn remote
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.
19.0%
Mar 25, 2022 CVE-2021-22941
Ransomware
Citrix ShareFile
enterprise vpn remote
Citrix ShareFile Improper Access Control Vulnerability
Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.
88.5%
Mar 15, 2022 CVE-2020-5135 SonicWall SonicOS
network vpn remote
SonicWall SonicOS Buffer Overflow Vulnerability
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the f…
25.5%
Mar 7, 2022 CVE-2020-8218 Pulse Secure Pulse Connect Secure
vpn remote
Pulse Connect Secure Code Injection Vulnerability
A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface.
91.1%
Mar 3, 2022 CVE-2018-0154 Cisco IOS Software
mobile network vpn remote
Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause …
11.7%
Mar 3, 2022 CVE-2019-1652 Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers
network vpn remote
Cisco Small Business Routers Improper Input Validation Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with admin…
92.7%
Jan 28, 2022 CVE-2021-20038
Ransomware
SonicWall SMA 100 Appliances
network vpn remote
SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability
SonicWall SMA 100 devices are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.
94.3%
Jan 18, 2022 CVE-2021-22991 F5 BIG-IP Traffic Management Microkernel
network vpn remote
F5 BIG-IP Traffic Management Microkernel Buffer Overflow
The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypass of URL-based access controls.
73.1%
Jan 10, 2022 CVE-2018-13382
Ransomware
Fortinet FortiOS and FortiProxy
network vpn remote
Fortinet FortiOS and FortiProxy Improper Authorization
An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.
87.1%
Jan 10, 2022 CVE-2018-13383
Ransomware
Fortinet FortiOS and FortiProxy
network vpn remote
Fortinet FortiOS and FortiProxy Out-of-bounds Write
A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged-in users.
1.8%
Jan 10, 2022 CVE-2019-1579
Ransomware
Palo Alto Networks PAN-OS
network vpn remote
Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.
92.9%
Dec 10, 2021 CVE-2021-44168 Fortinet FortiOS
network vpn remote
Fortinet FortiOS Arbitrary File Download
Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.
1.2%
Nov 3, 2021 CVE-2018-13379
Ransomware
Fortinet FortiOS
network vpn remote
Fortinet FortiOS SSL VPN Path Traversal Vulnerability
Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted H…
94.5%
Nov 3, 2021 CVE-2019-11510
Ransomware
Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted …
94.5%
Nov 3, 2021 CVE-2019-11539
Ransomware
Ivanti Pulse Connect Secure and Pulse Policy Secure
endpoint vpn remote
Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability
Ivanti Pulse Connect Secure and Policy Secure allow an authenticated attacker from the admin web interface to inject and execute commands.
93.9%
Nov 3, 2021 CVE-2019-11634
Ransomware
Citrix Workspace Application and Receiver for Windows
endpoint enterprise smb essential vpn remote
Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability
Citrix Workspace Application and Receiver for Windows contains a remote code execution vulnerability resulting from local drive access preferences not being enforced into the client…
52.4%
Nov 3, 2021 CVE-2019-13608
Ransomware
Citrix StoreFront Server
enterprise vpn remote
Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability
Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.
71.7%
Nov 3, 2021 CVE-2019-19781
Ransomware
Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
enterprise network vpn remote
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code exe…
94.4%
Nov 3, 2021 CVE-2019-5591 Fortinet FortiOS
network vpn remote
Fortinet FortiOS Default Configuration Vulnerability
Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating t…
50.6%
Nov 3, 2021 CVE-2019-7481
Ransomware
SonicWall SMA100
network vpn remote
SonicWall SMA100 SQL Injection Vulnerability
SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources.
94.3%
Nov 3, 2021 CVE-2020-12812
Ransomware
Fortinet FortiOS
network vpn remote
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to log in successfully without being prompted for the second factor of authenticati…
41.9%
Nov 3, 2021 CVE-2020-15505 Ivanti MobileIron Multiple Products
endpoint vpn remote
Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability
Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.
94.4%
Nov 3, 2021 CVE-2020-5902
Ransomware
F5 BIG-IP
network vpn remote
F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability
F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages.
94.4%
Nov 3, 2021 CVE-2020-8193 Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
enterprise network vpn remote
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL en…
94.4%
Nov 3, 2021 CVE-2020-8195 Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
enterprise network vpn remote
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.
80.3%
Nov 3, 2021 CVE-2020-8196 Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
enterprise network vpn remote
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.
68.1%
Nov 3, 2021 CVE-2020-8243 Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Code Execution Vulnerability
Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code…
20.5%
Nov 3, 2021 CVE-2020-8260 Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Code Execution Vulnerability
Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.
73.0%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.