Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Added CVE Vendor / Product Name & description CVSS EPSS
Nov 3, 2021 CVE-2020-12812
Ransomware
Fortinet FortiOS
network vpn remote
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authenticati…
41.9%
Nov 3, 2021 CVE-2020-25506 D-Link DNS-320 Device
network
D-Link DNS-320 Device Command Injection Vulnerability
D-Link DNS-320 device contains a command injection vulnerability in the system_mgr.cgi component that may allow for remote code execution.
94.2%
Nov 3, 2021 CVE-2020-26919 NETGEAR JGS516PE Devices
network
Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability
Netgear JGS516PE devices contain a missing function level access control vulnerability.
93.8%
Nov 3, 2021 CVE-2020-29557 D-Link DIR-825 R1 Devices
network
D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability
D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.
91.0%
Nov 3, 2021 CVE-2020-3118 Cisco IOS XR
mobile network
Cisco IOS XR Software Discovery Protocol Format String Vulnerability
Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute …
0.2%
Nov 3, 2021 CVE-2020-3161 Cisco Cisco IP Phones
network
Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability
Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a…
87.1%
Nov 3, 2021 CVE-2020-3452 Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
network
Cisco ASA and FTD Read-Only Path Traversal Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could e…
94.4%
Nov 3, 2021 CVE-2020-3566 Cisco IOS XR
mobile network
Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated,…
2.1%
Nov 3, 2021 CVE-2020-3569 Cisco IOS XR
mobile network
Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated,…
4.7%
Nov 3, 2021 CVE-2020-3580
Ransomware
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
network
Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services inter…
93.3%
Nov 3, 2021 CVE-2020-5902
Ransomware
F5 BIG-IP
network vpn remote
F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability
F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages.
94.4%
Nov 3, 2021 CVE-2020-8193 Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
enterprise network vpn remote
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL en…
94.4%
Nov 3, 2021 CVE-2020-8195 Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
enterprise network vpn remote
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.
80.3%
Nov 3, 2021 CVE-2020-8196 Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance
enterprise network vpn remote
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.
68.1%
Nov 3, 2021 CVE-2021-1497 Cisco HyperFlex HX
network
Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the…
94.4%
Nov 3, 2021 CVE-2021-1498 Cisco HyperFlex HX
network
Cisco HyperFlex HX Data Platform Command Injection Vulnerability
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the…
94.2%
Nov 3, 2021 CVE-2021-20016
Ransomware
SonicWall SSLVPN SMA100
network vpn remote
SonicWall SSLVPN SMA100 SQL Injection Vulnerability
SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.
79.8%
Nov 3, 2021 CVE-2021-20021
Ransomware
SonicWall SonicWall Email Security
network vpn remote
SonicWall Email Security Improper Privilege Management Vulnerability
SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to t…
91.2%
Nov 3, 2021 CVE-2021-20022
Ransomware
SonicWall SonicWall Email Security
network vpn remote
SonicWall Email Security Unrestricted Upload of File Vulnerability
SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. T…
32.6%
Nov 3, 2021 CVE-2021-20023
Ransomware
SonicWall SonicWall Email Security
network vpn remote
SonicWall Email Security Path Traversal Vulnerability
SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in …
55.4%
Nov 3, 2021 CVE-2021-22986
Ransomware
F5 BIG-IP and BIG-IQ Centralized Management
network vpn remote
F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability
F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access …
94.5%
Nov 3, 2021 CVE-2021-31755 Tenda AC11 Router
network
Tenda AC11 Router Stack Buffer Overflow Vulnerability
Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted POST request.
94.0%
Nov 3, 2021 CVE-2021-35395 Realtek AP-Router SDK
network
Realtek AP-Router SDK Buffer Overflow Vulnerability
Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of…
93.7%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.