Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Nov 3, 2021 |
CVE-2021-20016
Ransomware |
SonicWall SSLVPN SMA100 |
SonicWall SSLVPN SMA100 SQL Injection Vulnerability
SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.
|
— | 79.8% |
| Nov 3, 2021 |
CVE-2021-20021
Ransomware |
SonicWall SonicWall Email Security |
SonicWall Email Security Improper Privilege Management Vulnerability
SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to t…
|
— | 91.2% |
| Nov 3, 2021 |
CVE-2021-20022
Ransomware |
SonicWall SonicWall Email Security |
SonicWall Email Security Unrestricted Upload of File Vulnerability
SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. T…
|
— | 32.6% |
| Nov 3, 2021 |
CVE-2021-20023
Ransomware |
SonicWall SonicWall Email Security |
SonicWall Email Security Path Traversal Vulnerability
SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in …
|
— | 55.4% |
| Nov 3, 2021 |
CVE-2021-22893
Ransomware |
Ivanti Pulse Connect Secure |
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services.
|
— | 93.6% |
| Nov 3, 2021 | CVE-2021-22894 | Ivanti Pulse Connect Secure |
Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciousl…
|
— | 42.0% |
| Nov 3, 2021 | CVE-2021-22899 | Ivanti Pulse Connect Secure |
Ivanti Pulse Connect Secure Command Injection Vulnerability
Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.
|
— | 19.5% |
| Nov 3, 2021 | CVE-2021-22900 | Ivanti Pulse Connect Secure |
Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability
Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive…
|
— | 2.6% |
| Nov 3, 2021 |
CVE-2021-22986
Ransomware |
F5 BIG-IP and BIG-IQ Centralized Management |
F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability
F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access …
|
— | 94.5% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.