Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 121–129 of 129 CVEs · Page 5 of 5 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Nov 3, 2021 CVE-2021-20016
Ransomware
SonicWall SSLVPN SMA100
network vpn remote
SonicWall SSLVPN SMA100 SQL Injection Vulnerability
SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.
79.8%
Nov 3, 2021 CVE-2021-20021
Ransomware
SonicWall SonicWall Email Security
network vpn remote
SonicWall Email Security Improper Privilege Management Vulnerability
SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to t…
91.2%
Nov 3, 2021 CVE-2021-20022
Ransomware
SonicWall SonicWall Email Security
network vpn remote
SonicWall Email Security Unrestricted Upload of File Vulnerability
SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. T…
32.6%
Nov 3, 2021 CVE-2021-20023
Ransomware
SonicWall SonicWall Email Security
network vpn remote
SonicWall Email Security Path Traversal Vulnerability
SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in …
55.4%
Nov 3, 2021 CVE-2021-22893
Ransomware
Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services.
93.6%
Nov 3, 2021 CVE-2021-22894 Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciousl…
42.0%
Nov 3, 2021 CVE-2021-22899 Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Command Injection Vulnerability
Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.
19.5%
Nov 3, 2021 CVE-2021-22900 Ivanti Pulse Connect Secure
endpoint vpn remote
Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability
Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive…
2.6%
Nov 3, 2021 CVE-2021-22986
Ransomware
F5 BIG-IP and BIG-IQ Centralized Management
network vpn remote
F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability
F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access …
94.5%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.