Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Nov 3, 2021 | CVE-2019-3398 | Atlassian Confluence Server and Data Center | Atlassian Confluence Server and Data Center Path Traversal Vulnerability<br>Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write fil… | — | 93.9% |
| Nov 3, 2021 | CVE-2019-4716 | IBM Planning Analytics | IBM Planning Analytics Remote Code Execution Vulnerability<br>IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scriptin… | — | 93.4% |
| Nov 3, 2021 | CVE-2019-5544<br>Ransomware | VMware VMware ESXi and Horizon DaaS | VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability<br>VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrit… | — | 92.1% |
| Nov 3, 2021 | CVE-2019-5591 | Fortinet FortiOS | Fortinet FortiOS Default Configuration Vulnerability<br>Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating t… | — | 50.6% |
| Nov 3, 2021 | CVE-2019-6223 | Apple iOS and macOS | Apple iOS and macOS Group Facetime Vulnerability<br>Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user inte… | — | 0.4% |
| Nov 3, 2021 | CVE-2019-7481<br>Ransomware | SonicWall SMA100 | SonicWall SMA100 SQL Injection Vulnerability<br>SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources. | — | 94.3% |
| Nov 3, 2021 | CVE-2019-8394 | Zoho ManageEngine | Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability<br>Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization. | — | 87.5% |
| Nov 3, 2021 | CVE-2019-9082 | ThinkPHP ThinkPHP | ThinkPHP Remote Code Execution Vulnerability<br>ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&va… | — | 94.2% |
| Nov 3, 2021 | CVE-2019-9978 | WordPress Social Warfare Plugin | WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability<br>WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social War… | — | 88.1% |
| Nov 3, 2021 | CVE-2020-0041 | Android Android Kernel | Android Kernel Out-of-Bounds Write Vulnerability<br>Android Kernel binder_transaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This … | — | 23.9% |
| Nov 3, 2021 | CVE-2020-0069 | MediaTek Multiple Chipsets | Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability<br>Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an… | — | 0.8% |
| Nov 3, 2021 | CVE-2020-0601 | Microsoft Windows | Microsoft Windows CryptoAPI Spoofing Vulnerability<br>Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the v… | — | 94.1% |
| Nov 3, 2021 | CVE-2020-0646 | Microsoft .NET Framework | Microsoft .NET Framework Remote Code Execution Vulnerability<br>Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution. | — | 93.9% |
| Nov 3, 2021 | CVE-2020-0674 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability<br>Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote co… | — | 93.6% |
| Nov 3, 2021 | CVE-2020-0683 | Microsoft Windows | Microsoft Windows Installer Privilege Escalation Vulnerability<br>Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or … | — | 31.3% |
| Nov 3, 2021 | CVE-2020-0688<br>Ransomware | Microsoft Exchange Server | Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability<br>Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution. | — | 94.4% |
| Nov 3, 2021 | CVE-2020-0878<br>Ransomware | Microsoft Edge and Internet Explorer | Microsoft Edge and Internet Explorer Memory Corruption Vulnerability<br>Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user. | — | 5.3% |
| Nov 3, 2021 | CVE-2020-0938 | Microsoft Windows | Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability<br>Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows … | — | 87.0% |
| Nov 3, 2021 | CVE-2020-0968 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability<br>Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution. | — | 43.7% |
| Nov 3, 2021 | CVE-2020-0986 | Microsoft Windows | Microsoft Windows Kernel Privilege Escalation Vulnerability<br>Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode. | — | 16.5% |
| Nov 3, 2021 | CVE-2020-10148 | SolarWinds Orion | SolarWinds Orion Authentication Bypass Vulnerability<br>SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands. | — | 94.3% |
| Nov 3, 2021 | CVE-2020-10181 | Sumavision Enhanced Multimedia Router (EMR) | Sumavision EMR Cross-Site Request Forgery (CSRF) Vulnerability<br>Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on … | — | 20.6% |
| Nov 3, 2021 | CVE-2020-10189 | Zoho ManageEngine | Zoho ManageEngine Desktop Central File Upload Vulnerability<br>Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution. | — | 94.2% |
| Nov 3, 2021 | CVE-2020-10199 | Sonatype Nexus Repository | Sonatype Nexus Repository Remote Code Execution Vulnerability<br>Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution. | — | 94.4% |
| Nov 3, 2021 | CVE-2020-1020 | Microsoft Windows | Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability<br>Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows … | — | 85.7% |
| Nov 3, 2021 | CVE-2020-10221 | rConfig rConfig | rConfig OS Command Injection Vulnerability<br>rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fil… | — | 91.4% |
| Nov 3, 2021 | CVE-2020-1040 | Microsoft Hyper-V RemoteFX | Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability<br>Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest… | — | 0.2% |
| Nov 3, 2021 | CVE-2020-1054 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability<br>Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an at… | — | 81.2% |
| Nov 3, 2021 | CVE-2020-10987 | Tenda AC1900 Router AC15 Model | Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability<br>Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter. | — | 93.7% |
| Nov 3, 2021 | CVE-2020-1147 | Microsoft .NET Framework, SharePoint, Visual Studio | Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability<br>Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file inpu… | — | 93.4% |

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.