Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 121–150 of 171 CVEs · Page 5 of 6 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Jan 18, 2022 CVE-2021-21975
Ransomware
VMware vRealize Operations Manager API
enterprise
VMware Server Side Request Forgery in vRealize Operations Manager API
Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perfor…
94.4%
Jan 18, 2022 CVE-2021-25296 Nagios Nagios XI
enterprise
Nagios XI OS Command Injection
Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.
93.3%
Jan 18, 2022 CVE-2021-25297 Nagios Nagios XI
enterprise
Nagios XI OS Command Injection
Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.
81.9%
Jan 18, 2022 CVE-2021-25298 Nagios Nagios XI
enterprise
Nagios XI OS Command Injection
Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.
75.2%
Jan 10, 2022 CVE-2015-7450 IBM WebSphere Application Server and Server Hypervisor Edition
enterprise
IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary…
93.3%
Jan 10, 2022 CVE-2019-2725
Ransomware
Oracle WebLogic Server
database enterprise
Oracle WebLogic Server, Injection
Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
94.5%
Jan 10, 2022 CVE-2021-22017 VMware vCenter Server
enterprise
VMware vCenter Server Improper Access Control
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.
74.8%
Nov 3, 2021 CVE-2010-5326 SAP NetWeaver
enterprise
SAP NetWeaver Remote Code Execution Vulnerability
SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request.
13.2%
Nov 3, 2021 CVE-2012-3152 Oracle Fusion Middleware
database enterprise
Oracle Fusion Middleware Unspecified Vulnerability
Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems.
93.5%
Nov 3, 2021 CVE-2015-4852 Oracle WebLogic Server
database enterprise
Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability
Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for for remote code execution.
92.9%
Nov 3, 2021 CVE-2016-3643 SolarWinds Virtualization Manager
enterprise
SolarWinds Virtualization Manager Privilege Escalation Vulnerability
SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo.
5.2%
Nov 3, 2021 CVE-2016-3976 SAP NetWeaver
enterprise
SAP NetWeaver Directory Traversal Vulnerability
SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. T…
76.3%
Nov 3, 2021 CVE-2016-9563 SAP NetWeaver
enterprise
SAP NetWeaver XML External Entity (XXE) Vulnerability
SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity (XX…
58.8%
Nov 3, 2021 CVE-2017-9248 Progress ASP.NET AJAX and Sitefinity
enterprise
Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability
Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogPar…
89.4%
Nov 3, 2021 CVE-2018-2380
Ransomware
SAP Customer Relationship Management (CRM)
enterprise
SAP Customer Relationship Management (CRM) Path Traversal Vulnerability
SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users.
48.8%
Nov 3, 2021 CVE-2019-11580
Ransomware
Atlassian Crowd and Crowd Data Center
enterprise smb essential
Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability
Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds.
94.4%
Nov 3, 2021 CVE-2019-11634
Ransomware
Citrix Workspace Application and Receiver for Windows
endpoint enterprise smb essential vpn remote
Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability
Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the client…
52.4%
Nov 3, 2021 CVE-2019-13608
Ransomware
Citrix StoreFront Server
enterprise vpn remote
Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability
Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.
71.7%
Nov 3, 2021 CVE-2019-15949 Nagios Nagios XI
enterprise
Nagios XI Remote Code Execution Vulnerability
Nagios XI contains a remote code execution vulnerability in which a user can modify the check_plugin executable and insert malicious commands to execute as root.
86.9%
Nov 3, 2021 CVE-2019-18935
Ransomware
Progress Telerik UI for ASP.NET AJAX
enterprise
Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability
Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context o…
93.7%
Nov 3, 2021 CVE-2019-19781
Ransomware
Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
enterprise network vpn remote
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code exe…
94.4%
Nov 3, 2021 CVE-2019-3396
Ransomware
Atlassian Confluence Server and Data Server
enterprise smb essential
Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability
Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution.
94.5%
Nov 3, 2021 CVE-2019-3398 Atlassian Confluence Server and Data Center
enterprise smb essential
Atlassian Confluence Server and Data Center Path Traversal Vulnerability
Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write fil…
93.9%
Nov 3, 2021 CVE-2019-4716 IBM Planning Analytics
enterprise
IBM Planning Analytics Remote Code Execution Vulnerability
IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scriptin…
93.4%
Nov 3, 2021 CVE-2019-5544
Ransomware
VMware VMware ESXi and Horizon DaaS
enterprise
VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability
VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrit…
92.1%
Nov 3, 2021 CVE-2020-10148 SolarWinds Orion
enterprise
SolarWinds Orion Authentication Bypass Vulnerability
SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands.
94.3%
Nov 3, 2021 CVE-2020-14750 Oracle WebLogic Server
database enterprise
Oracle WebLogic Server Remote Code Execution Vulnerability
Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882.
94.4%
Nov 3, 2021 CVE-2020-14871 Oracle Solaris and Zettabyte File System (ZFS)
database enterprise
Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability
Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems.
88.9%
Nov 3, 2021 CVE-2020-14882 Oracle WebLogic Server
database enterprise
Oracle WebLogic Server Remote Code Execution Vulnerability
Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750.
94.5%
Nov 3, 2021 CVE-2020-14883 Oracle WebLogic Server
database enterprise
Oracle WebLogic Server Unspecified Vulnerability
Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentilaity, integrity, and availability.
94.4%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.