Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 1,411–1,440 of 1,619 CVEs · Page 48 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Nov 3, 2021 CVE-2019-3398 Atlassian Confluence Server and Data Center
enterprise smb essential
Atlassian Confluence Server and Data Center Path Traversal Vulnerability
Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write fil…
93.9%
Nov 3, 2021 CVE-2019-4716 IBM Planning Analytics
enterprise
IBM Planning Analytics Remote Code Execution Vulnerability
IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scriptin…
93.4%
Nov 3, 2021 CVE-2019-5544
Ransomware
VMware VMware ESXi and Horizon DaaS
enterprise
VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability
VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrit…
92.1%
Nov 3, 2021 CVE-2019-5591 Fortinet FortiOS
network vpn remote
Fortinet FortiOS Default Configuration Vulnerability
Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating t…
50.6%
Nov 3, 2021 CVE-2019-6223 Apple iOS and macOS
endpoint mobile smb essential
Apple iOS and macOS Group Facetime Vulnerability
Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user inte…
0.4%
Nov 3, 2021 CVE-2019-7481
Ransomware
SonicWall SMA100
network vpn remote
SonicWall SMA100 SQL Injection Vulnerability
SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources.
94.3%
Nov 3, 2021 CVE-2019-8394 Zoho ManageEngine
Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability
Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.
87.5%
Nov 3, 2021 CVE-2019-9082 ThinkPHP ThinkPHP
ThinkPHP Remote Code Execution Vulnerability
ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&va…
94.2%
Nov 3, 2021 CVE-2019-9978 WordPress Social Warfare Plugin
smb essential web server
WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability
WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social War…
88.1%
Nov 3, 2021 CVE-2020-0041 Android Android Kernel
mobile
Android Kernel Out-of-Bounds Write Vulnerability
Android Kernel binder_transaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This …
23.9%
Nov 3, 2021 CVE-2020-0069 MediaTek Multiple Chipsets
Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability
Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an…
0.8%
Nov 3, 2021 CVE-2020-0601 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows CryptoAPI Spoofing Vulnerability
Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the v…
94.1%
Nov 3, 2021 CVE-2020-0646 Microsoft .NET Framework
endpoint m365 smb essential
Microsoft .NET Framework Remote Code Execution Vulnerability
Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution.
93.9%
Nov 3, 2021 CVE-2020-0674 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote co…
93.6%
Nov 3, 2021 CVE-2020-0683 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Installer Privilege Escalation Vulnerability
Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or …
31.3%
Nov 3, 2021 CVE-2020-0688
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability
Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.
94.4%
Nov 3, 2021 CVE-2020-0878
Ransomware
Microsoft Edge and Internet Explorer
browser endpoint m365 smb essential
Microsoft Edge and Internet Explorer Memory Corruption Vulnerability
Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user.
5.3%
Nov 3, 2021 CVE-2020-0938 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows …
87.0%
Nov 3, 2021 CVE-2020-0968 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
43.7%
Nov 3, 2021 CVE-2020-0986 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode.
16.5%
Nov 3, 2021 CVE-2020-10148 SolarWinds Orion
enterprise
SolarWinds Orion Authentication Bypass Vulnerability
SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands.
94.3%
Nov 3, 2021 CVE-2020-10181 Sumavision Enhanced Multimedia Router (EMR)
network
Sumavision EMR Cross-Site Request Forgery (CSRF) Vulnerability
Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on …
20.6%
Nov 3, 2021 CVE-2020-10189 Zoho ManageEngine
Zoho ManageEngine Desktop Central File Upload Vulnerability
Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution.
94.2%
Nov 3, 2021 CVE-2020-10199 Sonatype Nexus Repository
Sonatype Nexus Repository Remote Code Execution Vulnerability
Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution.
94.4%
Nov 3, 2021 CVE-2020-1020 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows …
85.7%
Nov 3, 2021 CVE-2020-10221 rConfig rConfig
rConfig OS Command Injection Vulnerability
rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fil…
91.4%
Nov 3, 2021 CVE-2020-1040 Microsoft Hyper-V RemoteFX
endpoint m365 smb essential
Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest…
0.2%
Nov 3, 2021 CVE-2020-1054 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an at…
81.2%
Nov 3, 2021 CVE-2020-10987 Tenda AC1900 Router AC15 Model
network
Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability
Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter.
93.7%
Nov 3, 2021 CVE-2020-1147 Microsoft .NET Framework, SharePoint, Visual Studio
endpoint m365 smb essential
Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability
Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file inpu…
93.4%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.