| CVE-2022-20700 | | 0.14 | — | 0.29 | KEV | Feb 10, 2022 | Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code; elevate privileges; execute arbitrary commands; bypass authentication and authorization protections; fetch and run unsigned software; cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. |
| CVE-2021-40407 | | 0.14 | — | 0.25 | KEV | Jan 28, 2022 | An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. |
| CVE-2021-30807 | | 0.14 | — | 0.23 | KEV | Oct 19, 2021 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. |
| CVE-2021-33739 | | 0.14 | — | 0.19 | KEV | Jun 8, 2021 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2021-27852 | | 0.14 | — | 0.26 | KEV | May 27, 2021 | Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7. |
| CVE-2021-22894 | | 0.14 | — | 0.25 | KEV | May 27, 2021 | A buffer overflow vulnerability in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via a maliciously crafted meeting room. |
| CVE-2021-21206 | | 0.14 | — | 0.22 | KEV | Apr 26, 2021 | Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21193 | | 0.14 | — | 0.21 | KEV | Mar 16, 2021 | Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-21148 | | 0.14 | — | 0.25 | KEV | Feb 9, 2021 | Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6572 | | 0.14 | — | 0.19 | KEV | Jan 14, 2021 | Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
| CVE-2020-16017 | | 0.14 | — | 0.21 | KEV | Jan 8, 2021 | Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
| CVE-2020-16013 | | 0.14 | — | 0.26 | KEV | Jan 8, 2021 | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-17087 | | 0.14 | — | 0.22 | KEV | Nov 11, 2020 | Windows Kernel Local Elevation of Privilege Vulnerability |
| CVE-2020-16010 | | 0.14 | — | 0.20 | KEV | Nov 3, 2020 | Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
| CVE-2020-5135 | | 0.14 | — | 0.24 | KEV | Oct 12, 2020 | A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. |
| CVE-2020-8467 | | 0.14 | — | 0.31 | KEV | Mar 18, 2020 | A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication. |
| CVE-2020-8468 | | 0.14 | — | 0.19 | KEV | Mar 18, 2020 | Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. |
| CVE-2020-10181 | | 0.14 | — | 0.21 | KEV | Mar 11, 2020 | goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request. |
| CVE-2020-0041 | | 0.14 | — | 0.24 | KEV | Mar 10, 2020 | In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-145988638. References: Upstream kernel |
| CVE-2019-19006 | | 0.14 | — | 0.22 | KEV | Nov 21, 2019 | Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control. |
| CVE-2019-0703 | | 0.14 | — | 0.23 | KEV | Apr 8, 2019 | An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821. |
| CVE-2019-11001 | | 0.14 | — | 0.29 | KEV | Apr 8, 2019 | On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. |
| CVE-2019-0676 | | 0.14 | — | 0.24 | KEV | Mar 6, 2019 | An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'. |
| CVE-2018-17480 | | 0.14 | — | 0.30 | KEV | Dec 11, 2018 | Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
| CVE-2018-0125 | | 0.14 | — | 0.29 | KEV | Feb 8, 2018 | A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170. |
| CVE-2026-33634 | | 0.13 | — | 0.15 | KEV | Mar 23, 2026 | Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action` to credential-stealing malware, and replace all 7 tags in `aquasecurity/setup-trivy` with malicious commits. This incident is a continuation of the supply chain attack that began in late February 2026. Following the initial disclosure on March 1, credential rotation was performed but was not atomic (not all credentials were revoked simultaneously). The attacker could have used a valid token to exfiltrate newly rotated secrets during the rotation window (which lasted a few days). This could have allowed the attacker to retain access and execute the March 19 attack. Affected components include the `aquasecurity/trivy` Go / Container image version 0.69.4, the `aquasecurity/trivy-action` GitHub Action versions 0.0.1 – 0.34.2 (76/77), and the `aquasecurity/setup-trivy` GitHub Action versions 0.2.0 – 0.2.6, prior to the recreation of 0.2.6 with a safe commit. Known safe versions include versions 0.69.2 and 0.69.3 of the Trivy binary, version 0.35.0 of trivy-action, and version 0.2.6 of setup-trivy. Additionally, take other mitigations to ensure the safety of secrets. If there is any possibility that a compromised version ran in one's environment, all secrets accessible to affected pipelines must be treated as exposed and rotated immediately. Check whether one's organization pulled or executed Trivy v0.69.4 from any source. Remove any affected artifacts immediately. Review all workflows using `aquasecurity/trivy-action` or `aquasecurity/setup-trivy`. Those who referenced a version tag rather than a full commit SHA should check workflow run logs from March 19–20, 2026 for signs of compromise. Look for repositories named `tpcp-docs` in one's GitHub organization. The presence of such a repository may indicate that the fallback exfiltration mechanism was triggered and secrets were successfully stolen. Pin GitHub Actions to full, immutable commit SHA hashes; don't use mutable version tags. |
| CVE-2026-25108 | | 0.13 | — | 0.08 | KEV | Feb 13, 2026 | FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command. |
| CVE-2026-21525 | | 0.13 | — | 0.09 | KEV | Feb 10, 2026 | Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. |
| CVE-2026-21509 | | 0.13 | — | 0.13 | KEV | Jan 26, 2026 | Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally. |
| CVE-2025-66376 | | 0.13 | — | 0.11 | KEV | Jan 5, 2026 | Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message. |
| CVE-2025-59718 | | 0.13 | — | 0.08 | KEV | Dec 9, 2025 | An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message. |
| CVE-2025-53690 | | 0.13 | — | 0.07 | KEV | Sep 3, 2025 | Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection. This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0. |
| CVE-2025-7775 | | 0.13 | — | 0.07 | KEV | Aug 26, 2025 | Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX |
| CVE-2025-8876 | | 0.13 | — | 0.09 | KEV | Aug 14, 2025 | Improper Input Validation vulnerability in N-able N-central allows OS Command Injection. This issue affects N-central: before 2025.3.1. |
| CVE-2025-8088 | | 0.13 | — | 0.07 | KEV | Aug 8, 2025 | A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. |
| CVE-2025-54948 | | 0.13 | — | 0.09 | KEV | Aug 5, 2025 | A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. |
| CVE-2025-6204 | | 0.13 | — | 0.07 | KEV | Aug 4, 2025 | An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code. |
| CVE-2025-48928 | | 0.13 | — | 0.08 | KEV | May 28, 2025 | The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025. |
| CVE-2025-48927 | | 0.13 | — | 0.09 | KEV | May 28, 2025 | The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. |
| CVE-2025-3935 | | 0.13 | — | 0.12 | KEV | Apr 25, 2025 | ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys, privileged system level access must be obtained. If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution on the server. The risk does not originate from a vulnerability introduced by ScreenConnect, but from platform level behavior. This had no direct impact to ScreenConnect Client. ScreenConnect 2025.4 patch disables ViewState and removes any dependency on it. |
| CVE-2025-3928 | | 0.13 | — | 0.16 | KEV | Apr 25, 2025 | Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28. |
| CVE-2025-21418 | | 0.13 | — | 0.13 | KEV | Feb 11, 2025 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-21335 | | 0.13 | — | 0.08 | KEV | Jan 14, 2025 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| CVE-2024-53104 | | 0.13 | — | 0.14 | KEV | Dec 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format. This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming. |
| CVE-2024-11182 | | 0.13 | — | 0.15 | KEV | Nov 15, 2024 | An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window. |
| CVE-2024-8068 | | 0.13 | — | 0.08 | KEV | Nov 12, 2024 | Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain |
| CVE-2024-20481 | | 0.13 | — | 0.11 | KEV | Oct 23, 2024 | A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected. Cisco Talos discussed these attacks in the blog post "Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials". |
| CVE-2024-43573 | | 0.13 | — | 0.18 | KEV | Oct 8, 2024 | Windows MSHTML Platform Spoofing Vulnerability |
| CVE-2024-43461 | | 0.13 | — | 0.10 | KEV | Sep 10, 2024 | Windows MSHTML Platform Spoofing Vulnerability |
| CVE-2024-38217 | | 0.13 | — | 0.14 | KEV | Sep 10, 2024 | Windows Mark of the Web Security Feature Bypass Vulnerability |