Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 1,441–1,470 of 1,619 CVEs · Page 49 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Nov 3, 2021 CVE-2020-11651 SaltStack Salt
SaltStack Salt Authentication Bypass Vulnerability
SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote u…
94.2%
Nov 3, 2021 CVE-2020-11652 SaltStack Salt
SaltStack Salt Path Traversal Vulnerability
SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamenta…
93.7%
Nov 3, 2021 CVE-2020-11738 WordPress Snap Creek Duplicator Plugin
smb essential web server
WordPress Snap Creek Duplicator Plugin File Download Vulnerability
WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the genera…
94.3%
Nov 3, 2021 CVE-2020-12271
Ransomware
Sophos SFOS
endpoint network
Sophos SFOS SQL Injection Vulnerability
Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is expose…
86.6%
Nov 3, 2021 CVE-2020-12812
Ransomware
Fortinet FortiOS
network vpn remote
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authenticati…
41.9%
Nov 3, 2021 CVE-2020-1350 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows DNS Server Remote Code Execution Vulnerability
Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability…
93.8%
Nov 3, 2021 CVE-2020-1380 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
91.7%
Nov 3, 2021 CVE-2020-1464 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Spoofing Vulnerability
Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed…
7.9%
Nov 3, 2021 CVE-2020-1472
Ransomware
Microsoft Netlogon
endpoint m365 smb essential
Microsoft Netlogon Privilege Escalation Vulnerability
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a doma…
94.4%
Nov 3, 2021 CVE-2020-14750 Oracle WebLogic Server
database enterprise
Oracle WebLogic Server Remote Code Execution Vulnerability
Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882.
94.4%
Nov 3, 2021 CVE-2020-14871 Oracle Solaris and Zettabyte File System (ZFS)
database enterprise
Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability
Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems.
88.9%
Nov 3, 2021 CVE-2020-14882 Oracle WebLogic Server
database enterprise
Oracle WebLogic Server Remote Code Execution Vulnerability
Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750.
94.5%
Nov 3, 2021 CVE-2020-14883 Oracle WebLogic Server
database enterprise
Oracle WebLogic Server Unspecified Vulnerability
Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentilaity, integrity, and availability.
94.4%
Nov 3, 2021 CVE-2020-15505 Ivanti MobileIron Multiple Products
endpoint vpn remote
Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability
Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.
94.4%
Nov 3, 2021 CVE-2020-15999 Google Chrome FreeType
browser smb essential
Google Chrome FreeType Heap Buffer Overflow Vulnerability
Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG…
93.0%
Nov 3, 2021 CVE-2020-16009 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
84.4%
Nov 3, 2021 CVE-2020-16010 Google Chrome for Android UI
browser mobile smb essential
Google Chrome for Android UI Heap Buffer Overflow Vulnerability
Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbo…
19.6%
Nov 3, 2021 CVE-2020-16013 Google Chromium V8
browser smb essential
Google Chromium V8 Incorrect Implementation Vulnerabililty
Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This…
26.1%
Nov 3, 2021 CVE-2020-16017 Google Chrome
browser smb essential
Google Chrome Use-After-Free Vulnerability
Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafte…
21.4%
Nov 3, 2021 CVE-2020-16846 SaltStack Salt
SaltStack Salt Shell Injection Vulnerability
SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affe…
94.4%
Nov 3, 2021 CVE-2020-17087 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
20.4%
Nov 3, 2021 CVE-2020-17144 Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution.
92.0%
Nov 3, 2021 CVE-2020-17496 vBulletin vBulletin
vBulletin PHP Module Remote Code Execution Vulnerability
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_ta…
94.2%
Nov 3, 2021 CVE-2020-17530 Apache Struts
web server
Apache Struts Remote Code Execution Vulnerability
Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.
94.4%
Nov 3, 2021 CVE-2020-24557 Trend Micro Apex One, OfficeScan, and Worry-Free Business Security
endpoint
Trend Micro Multiple Products Improper Access Control Vulnerability
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a…
1.9%
Nov 3, 2021 CVE-2020-25213 WordPress File Manager Plugin
smb essential web server
WordPress File Manager Plugin Remote Code Execution Vulnerability
WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site.
94.4%
Nov 3, 2021 CVE-2020-25506 D-Link DNS-320 Device
network
D-Link DNS-320 Device Command Injection Vulnerability
D-Link DNS-320 device contains a command injection vulnerability in the sytem_mgr.cgi component that may allow for remote code execution.
94.2%
Nov 3, 2021 CVE-2020-2555 Oracle Multiple Products
database enterprise
Oracle Multiple Products Remote Code Execution Vulnerability
Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to takeover the affected system. …
93.1%
Nov 3, 2021 CVE-2020-26919 NETGEAR JGS516PE Devices
network
Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability
Netgear JGS516PE devices contain a missing function level access control vulnerability.
93.8%
Nov 3, 2021 CVE-2020-27930 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front.
43.9%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.