Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Added CVE Vendor / Product Name & description CVSS EPSS
Nov 3, 2021 CVE-2019-17558 Apache Solr
web server
Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability
The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.
94.5%
Nov 3, 2021 CVE-2019-9978 WordPress Social Warfare Plugin
smb essential web server
WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability
WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social War…
88.1%
Nov 3, 2021 CVE-2020-11738 WordPress Snap Creek Duplicator Plugin
smb essential web server
WordPress Snap Creek Duplicator Plugin File Download Vulnerability
WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the genera…
94.3%
Nov 3, 2021 CVE-2020-14750 Oracle WebLogic Server
database enterprise
Oracle WebLogic Server Remote Code Execution Vulnerability
Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882.
94.4%
Nov 3, 2021 CVE-2020-14871 Oracle Solaris and Zettabyte File System (ZFS)
database enterprise
Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability
Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems.
88.9%
Nov 3, 2021 CVE-2020-14882 Oracle WebLogic Server
database enterprise
Oracle WebLogic Server Remote Code Execution Vulnerability
Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750.
94.5%
Nov 3, 2021 CVE-2020-14883 Oracle WebLogic Server
database enterprise
Oracle WebLogic Server Unspecified Vulnerability
Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentiality, integrity, and availability.
94.4%
Nov 3, 2021 CVE-2020-17530 Apache Struts
web server
Apache Struts Remote Code Execution Vulnerability
Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.
94.4%
Nov 3, 2021 CVE-2020-25213 WordPress File Manager Plugin
smb essential web server
WordPress File Manager Plugin Remote Code Execution Vulnerability
WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site.
94.4%
Nov 3, 2021 CVE-2020-2555 Oracle Multiple Products
database enterprise
Oracle Multiple Products Remote Code Execution Vulnerability
Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to take over the affected system. …
93.1%
Nov 3, 2021 CVE-2021-41773
Ransomware
Apache HTTP Server
web server
Apache HTTP Server Path Traversal Vulnerability
Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directive…
94.4%
Nov 3, 2021 CVE-2021-42013
Ransomware
Apache HTTP Server
web server
Apache HTTP Server Path Traversal Vulnerability
Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directive…
94.4%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.