Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 151–171 of 171 CVEs · Page 6 of 6
Added CVE Vendor / Product Name & description CVSS EPSS
Nov 3, 2021 CVE-2020-2555 Oracle Multiple Products
database enterprise
Oracle Multiple Products Remote Code Execution Vulnerability
Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to take over the affected system. …
93.1%
Nov 3, 2021 CVE-2020-3950 VMware Multiple Products
enterprise
VMware Multiple Products Privilege Escalation Vulnerability
VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers …
16.1%
Nov 3, 2021 CVE-2020-3952 VMware vCenter Server
enterprise
VMware vCenter Server Information Disclosure Vulnerability
VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly imple…
94.4%
Nov 3, 2021 CVE-2020-3992
Ransomware
VMware ESXi
enterprise
VMware ESXi OpenSLP Use-After-Free Vulnerability
VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.
90.3%
Nov 3, 2021 CVE-2020-4006 VMware Multiple Products
enterprise
Multiple VMware Products Command Injection Vulnerability
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the a…
13.6%
Nov 3, 2021 CVE-2020-4427 IBM Data Risk Manager
enterprise
IBM Data Risk Manager Security Bypass Vulnerability
IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By send…
92.7%
Nov 3, 2021 CVE-2020-4428 IBM Data Risk Manager
enterprise
IBM Data Risk Manager Remote Code Execution Vulnerability
IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system.
92.3%
Nov 3, 2021 CVE-2020-4430 IBM Data Risk Manager
enterprise
IBM Data Risk Manager Directory Traversal Vulnerability
IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL reques…
83.8%
Nov 3, 2021 CVE-2020-6207 SAP Solution Manager
enterprise
SAP Solution Manager Missing Authentication for Critical Function Vulnerability
SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connect…
94.2%
Nov 3, 2021 CVE-2020-6287 SAP NetWeaver
enterprise
SAP NetWeaver Missing Authentication for Critical Function Vulnerability
SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration task…
94.4%
Nov 3, 2021 CVE-2020-7961 Liferay Liferay Portal
enterprise
Liferay Portal Deserialization of Untrusted Data Vulnerability
Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services.
94.4%
Nov 3, 2021 CVE-2020-8193 Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
enterprise network vpn remote
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL en…
94.4%
Nov 3, 2021 CVE-2020-8195 Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
enterprise network vpn remote
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.
80.3%
Nov 3, 2021 CVE-2020-8196 Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
enterprise network vpn remote
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.
68.1%
Nov 3, 2021 CVE-2021-21972
Ransomware
VMware vCenter Server
enterprise
VMware vCenter Server Remote Code Execution Vulnerability
VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute …
93.8%
Nov 3, 2021 CVE-2021-21985
Ransomware
VMware vCenter Server
enterprise
VMware vCenter Server Improper Input Validation Vulnerability
VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for …
94.4%
Nov 3, 2021 CVE-2021-22005
Ransomware
VMware vCenter Server
enterprise
VMware vCenter Server File Upload Vulnerability
VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code.
94.4%
Nov 3, 2021 CVE-2021-22205
Ransomware
GitLab Community and Enterprise Editions
enterprise smb essential
GitLab Community and Enterprise Editions Remote Code Execution Vulnerability
GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file ex…
94.5%
Nov 3, 2021 CVE-2021-26084
Ransomware
Atlassian Confluence Server and Data Center
enterprise smb essential
Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability
Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code.
94.4%
Nov 3, 2021 CVE-2021-30116
Ransomware
Kaseya Virtual System/Server Administrator (VSA)
enterprise smb essential
Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability
Kaseya Virtual System/Server Administrator (VSA) contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further …
54.1%
Nov 3, 2021 CVE-2021-35211
Ransomware
SolarWinds Serv-U
enterprise
SolarWinds Serv-U Remote Code Execution Vulnerability
SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution.
94.3%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.