Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 1,501–1,530 of 1,619 CVEs · Page 51 of 54 · 30 per page
| Added | CVE | Vendor / Product | Categories | Name | Description | CVSS | EPSS |
|---|---|---|---|---|---|---|---|
| Nov 3, 2021 | CVE-2020-8243 | Ivanti Pulse Connect Secure | endpoint vpn remote | Ivanti Pulse Connect Secure Code Execution Vulnerability | Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code… | | 20.5% |
| Nov 3, 2021 | CVE-2020-8260 | Ivanti Pulse Connect Secure | endpoint vpn remote | Ivanti Pulse Connect Secure Code Execution Vulnerability | Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction. | | 73.0% |
| Nov 3, 2021 | CVE-2020-8467 | Trend Micro Apex One and OfficeScan | endpoint | Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability | Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution. | | 31.1% |
| Nov 3, 2021 | CVE-2020-8468 | Trend Micro Apex One, OfficeScan and Worry-Free Business Security Agents | endpoint | Trend Micro Multiple Products Content Validation Escape Vulnerability | Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agen… | | 19.1% |
| Nov 3, 2021 | CVE-2020-8515 | DrayTek Multiple Vigor Routers | | Multiple DrayTek Vigor Routers Web Management Page Vulnerability | DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution. | | 94.3% |
| Nov 3, 2021 | CVE-2020-8599 | Trend Micro Apex One and OfficeScan | endpoint | Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability | Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login. | | 57.9% |
| Nov 3, 2021 | CVE-2020-8644 | PlaySMS PlaySMS | | PlaySMS Server-Side Template Injection Vulnerability | PlaySMS contains a server-side template injection vulnerability that allows for remote code execution. | | 94.1% |
| Nov 3, 2021 | CVE-2020-8655 | EyesOfNetwork EyesOfNetwork | | EyesOfNetwork Improper Privilege Management Vulnerability | EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine (NSE) script to nmap7. | | 87.9% |
| Nov 3, 2021 | CVE-2020-8657 | EyesOfNetwork EyesOfNetwork | | EyesOfNetwork Use of Hard-Coded Credentials Vulnerability | EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin acces… | | 88.9% |
| Nov 3, 2021 | CVE-2020-9818 | Apple iOS, iPadOS, and watchOS | endpoint mobile smb essential | Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability | Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously craf… | | 0.9% |
| Nov 3, 2021 | CVE-2020-9819 | Apple iOS, iPadOS, and watchOS | endpoint mobile smb essential | Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability | Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message. | | 0.6% |
| Nov 3, 2021 | CVE-2020-9859 | Apple Multiple Products | endpoint mobile smb essential | Apple Multiple Products Code Execution Vulnerability | Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges. | | 0.1% |
| Nov 3, 2021 | CVE-2021-1497 | Cisco HyperFlex HX | network | Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability | Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the… | | 94.4% |
| Nov 3, 2021 | CVE-2021-1498 | Cisco HyperFlex HX | network | Cisco HyperFlex HX Data Platform Command Injection Vulnerability | Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the… | | 94.2% |
| Nov 3, 2021 | CVE-2021-1647 | Microsoft Defender | endpoint m365 smb essential | Microsoft Defender Remote Code Execution Vulnerability | Microsoft Defender contains an unspecified vulnerability that allows for remote code execution. | | 76.1% |
| Nov 3, 2021 | CVE-2021-1675 (Ransomware) | Microsoft Windows | endpoint m365 smb essential | Microsoft Windows Print Spooler Remote Code Execution Vulnerability | Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution. | | 94.3% |
| Nov 3, 2021 | CVE-2021-1732 (Ransomware) | Microsoft Win32k | endpoint m365 smb essential | Microsoft Win32k Privilege Escalation Vulnerability | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | | 88.3% |
| Nov 3, 2021 | CVE-2021-1782 | Apple Multiple Products | endpoint mobile smb essential | Apple Multiple Products Race Condition Vulnerability | Apple iOS, iPadOS, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges. | | 5.9% |
| Nov 3, 2021 | CVE-2021-1870 | Apple iOS, iPadOS, and macOS | browser endpoint mobile smb essential | Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability | Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use… | | 1.2% |
| Nov 3, 2021 | CVE-2021-1871 | Apple iOS, iPadOS, and macOS | browser endpoint mobile smb essential | Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability | Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use… | | 0.5% |
| Nov 3, 2021 | CVE-2021-1879 | Apple iOS, iPadOS, and watchOS | browser endpoint mobile smb essential | Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability | Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. Th… | | 0.8% |
| Nov 3, 2021 | CVE-2021-1905 | Qualcomm Multiple Chipsets | | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously. | | 0.8% |
| Nov 3, 2021 | CVE-2021-1906 | Qualcomm Multiple Chipsets | | Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability | Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU addr… | | 0.1% |
| Nov 3, 2021 | CVE-2021-20016 (Ransomware) | SonicWall SSLVPN SMA100 | network vpn remote | SonicWall SSLVPN SMA100 SQL Injection Vulnerability | SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker. | | 79.8% |
| Nov 3, 2021 | CVE-2021-20021 (Ransomware) | SonicWall SonicWall Email Security | network vpn remote | SonicWall Email Security Improper Privilege Management Vulnerability | SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to t… | | 91.2% |
| Nov 3, 2021 | CVE-2021-20022 (Ransomware) | SonicWall SonicWall Email Security | network vpn remote | SonicWall Email Security Unrestricted Upload of File Vulnerability | SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. T… | | 32.6% |
| Nov 3, 2021 | CVE-2021-20023 (Ransomware) | SonicWall SonicWall Email Security | network vpn remote | SonicWall Email Security Path Traversal Vulnerability | SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in … | | 55.4% |
| Nov 3, 2021 | CVE-2021-20090 | Arcadyan Buffalo Firmware | | Arcadyan Buffalo Firmware Path Traversal Vulnerability | Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. Thi… | | 94.4% |
| Nov 3, 2021 | CVE-2021-21017 | Adobe Acrobat and Reader | smb essential | Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability | Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current … | | 90.2% |
| Nov 3, 2021 | CVE-2021-21148 | Google Chromium V8 | browser smb essential | Google Chromium V8 Heap Buffer Overflow Vulnerability | Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerab… | | 22.3% |

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.