Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Nov 3, 2021 | CVE-2019-17558 | Apache Solr | Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability<br>The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution. | — | 94.5% |
| Nov 3, 2021 | CVE-2019-9978 | WordPress Social Warfare Plugin | WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability<br>WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social War… | — | 88.1% |
| Nov 3, 2021 | CVE-2020-11738 | WordPress Snap Creek Duplicator Plugin | WordPress Snap Creek Duplicator Plugin File Download Vulnerability<br>WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the genera… | — | 94.3% |
| Nov 3, 2021 | CVE-2020-14750 | Oracle WebLogic Server | Oracle WebLogic Server Remote Code Execution Vulnerability<br>Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882. | — | 94.4% |
| Nov 3, 2021 | CVE-2020-14871 | Oracle Solaris and Zettabyte File System (ZFS) | Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability<br>Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems. | — | 88.9% |
| Nov 3, 2021 | CVE-2020-14882 | Oracle WebLogic Server | Oracle WebLogic Server Remote Code Execution Vulnerability<br>Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750. | — | 94.5% |
| Nov 3, 2021 | CVE-2020-14883 | Oracle WebLogic Server | Oracle WebLogic Server Unspecified Vulnerability<br>Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentiality, integrity, and availability. | — | 94.4% |
| Nov 3, 2021 | CVE-2020-17530 | Apache Struts | Apache Struts Remote Code Execution Vulnerability<br>Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution. | — | 94.4% |
| Nov 3, 2021 | CVE-2020-25213 | WordPress File Manager Plugin | WordPress File Manager Plugin Remote Code Execution Vulnerability<br>WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site. | — | 94.4% |
| Nov 3, 2021 | CVE-2020-2555 | Oracle Multiple Products | Oracle Multiple Products Remote Code Execution Vulnerability<br>Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to take over the affected system. … | — | 93.1% |
| Nov 3, 2021 | CVE-2021-41773 (Ransomware) | Apache HTTP Server | Apache HTTP Server Path Traversal Vulnerability<br>Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directive… | — | 94.4% |
| Nov 3, 2021 | CVE-2021-42013 (Ransomware) | Apache HTTP Server | Apache HTTP Server Path Traversal Vulnerability<br>Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directive… | — | 94.4% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.