1,619 totalEPSS avg 51.6%

KEVKnown Exploited Vulnerabilities

CISA’s actively-exploited catalogue · refreshed weekly · authored by Adam Lundqvist

VendorEPSS ≥0%Since

Showing 1,619 of 1,619 · page 26 of 33

CVE	Vendor / Product	Title	KEV added	EPSS
CVE-2022-24086	Adobe / Commerce and Magento Open Source	Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability	2022-02-15	99.2%
CVE-2022-22620	Apple / iOS, iPadOS, and macOS	Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability	2022-02-11	16.3%
CVE-2014-4404	Apple / OS X	Apple OS X Heap-Based Buffer Overflow Vulnerability	2022-02-10	49.0%
CVE-2015-1130	Apple / OS X	Apple OS X Authentication Bypass Vulnerability	2022-02-10	9.9%
CVE-2015-1635	Microsoft / HTTP.sys	Microsoft HTTP.sys Remote Code Execution Vulnerability	2022-02-10	100.0%
CVE-2015-2051	D-Link / DIR-645 Router	D-Link DIR-645 Router Remote Code Execution Vulnerability	2022-02-10	97.1%
CVE-2016-3088	Apache / ActiveMQ	Apache ActiveMQ Improper Input Validation Vulnerability	2022-02-10	98.5%
CVE-2017-0144	Microsoft / SMBv1	Microsoft SMBv1 Remote Code Execution Vulnerability	2022-02-10	99.2%
CVE-2017-0145	Microsoft / SMBv1	Microsoft SMBv1 Remote Code Execution Vulnerability	2022-02-10	89.8%
CVE-2017-0262	Microsoft / Office	Microsoft Office Remote Code Execution Vulnerability	2022-02-10	80.7%
CVE-2017-0263	Microsoft / Win32k	Microsoft Win32k Privilege Escalation Vulnerability	2022-02-10	10.0%
CVE-2017-10271	Oracle / WebLogic Server	Oracle Corporation WebLogic Server Remote Code Execution Vulnerability	2022-02-10	99.9%
CVE-2017-8464	Microsoft / Windows	Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability	2022-02-10	90.0%
CVE-2017-9791	Apache / Struts 1	Apache Struts 1 Improper Input Validation Vulnerability	2022-02-10	98.9%
CVE-2018-1000861	Jenkins / Jenkins Stapler Web Framework	Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability	2022-02-10	98.3%
CVE-2020-0796	Microsoft / SMBv3	Microsoft SMBv3 Remote Code Execution Vulnerability	2022-02-10	99.8%
CVE-2021-36934	Microsoft / Windows	Microsoft Windows SAM Local Privilege Escalation Vulnerability	2022-02-10	67.3%
CVE-2022-21882	Microsoft / Win32k	Microsoft Win32k Privilege Escalation Vulnerability	2022-02-04	55.7%
CVE-2014-1776	Microsoft / Internet Explorer	Microsoft Internet Explorer Memory Corruption Vulnerability	2022-01-28	88.0%
CVE-2014-6271	GNU / Bourne-Again Shell (Bash)	GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability	2022-01-28	100.0%
CVE-2014-7169	GNU / Bourne-Again Shell (Bash)	GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability	2022-01-28	99.9%
CVE-2017-5689	Intel / Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability	Intel Active Management Technology (AMT), Small Business Technology (SBT), an…	2022-01-28	92.2%
CVE-2020-0787	Microsoft / Windows	Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Pri…	2022-01-28	42.5%
CVE-2020-5722	Grandstream / UCM6200	Grandstream Networks UCM6200 Series SQL Injection Vulnerability	2022-01-28	84.0%
CVE-2021-20038	SonicWall / SMA 100 Appliances	SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability	2022-01-28	99.9%
CVE-2022-22587	Apple / iOS and macOS	Apple Memory Corruption Vulnerability	2022-01-28	11.6%
CVE-2006-1547	Apache / Struts 1	Apache Struts 1 ActionForm Denial-of-Service Vulnerability	2022-01-21	54.6%
CVE-2012-0391	Apache / Struts 2	Apache Struts 2 Improper Input Validation Vulnerability	2022-01-21	75.1%
CVE-2018-8453	Microsoft / Win32k	Microsoft Win32k Privilege Escalation Vulnerability	2022-01-21	73.1%
CVE-2021-35247	SolarWinds / Serv-U	SolarWinds Serv-U Improper Input Validation Vulnerability	2022-01-21	3.4%
CVE-2020-11978	Apache / Airflow	Apache Airflow Command Injection	2022-01-18	99.1%
CVE-2020-13671	Drupal / Drupal core	Drupal core Un-restricted Upload of File	2022-01-18	4.3%
CVE-2020-13927	Apache / Airflow's Experimental API	Apache Airflow's Experimental API Authentication Bypass	2022-01-18	99.7%
CVE-2020-14864	Oracle / Intelligence Enterprise Edition	Oracle Business Intelligence Enterprise Edition Path Transversal	2022-01-18	97.2%
CVE-2021-21315	Npm package / System Information Library for Node.JS	System Information Library for Node.JS Command Injection	2022-01-18	90.2%
CVE-2021-21975	VMware / vRealize Operations Manager API	VMware Server Side Request Forgery in vRealize Operations Manager API	2022-01-18	78.4%
CVE-2021-22991	F5 / BIG-IP Traffic Management Microkernel	F5 BIG-IP Traffic Management Microkernel Buffer Overflow	2022-01-18	61.1%
CVE-2021-25296	Nagios / Nagios XI	Nagios XI OS Command Injection	2022-01-18	72.4%
CVE-2021-25297	Nagios / Nagios XI	Nagios XI OS Command Injection	2022-01-18	40.6%
CVE-2021-25298	Nagios / Nagios XI	Nagios XI OS Command Injection	2022-01-18	75.2%
CVE-2021-32648	October CMS / October CMS	October CMS Improper Authentication	2022-01-18	90.4%
CVE-2021-33766	Microsoft / Exchange Server	Microsoft Exchange Server Information Disclosure	2022-01-18	97.5%
CVE-2021-40870	Aviatrix / Aviatrix Controller	Aviatrix Controller Unrestricted Upload of File	2022-01-18	92.4%
CVE-2013-3900	Microsoft / WinVerifyTrust function	Microsoft WinVerifyTrust function Remote Code Execution	2022-01-10	44.6%
CVE-2015-7450	IBM / WebSphere Application Server and Server Hypervisor Edition	IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.	2022-01-10	97.7%
CVE-2017-1000486	Primetek / Primefaces Application	Primetek Primefaces Remote Code Execution Vulnerability	2022-01-10	94.1%
CVE-2018-13382	Fortinet / FortiOS and FortiProxy	Fortinet FortiOS and FortiProxy Improper Authorization	2022-01-10	81.7%
CVE-2018-13383	Fortinet / FortiOS and FortiProxy	Fortinet FortiOS and FortiProxy Out-of-bounds Write	2022-01-10	33.6%
CVE-2019-10149	Exim / Mail Transfer Agent (MTA)	Exim Mail Transfer Agent (MTA) Improper Input Validation	2022-01-10	100.0%
CVE-2019-1458	Microsoft / Win32k	Microsoft Win32k Privilege Escalation Vulnerability	2022-01-10	74.4%

Sourced from CISA Known Exploited Vulnerabilities — current weekly refresh. EPSS scores from FIRST.org via epss.cyentia.com. Curated by Adam Lundqvist, Founder at SQUR.