www.cisa.gov
2a02:26f0:3500:88d::447a  Public Scan

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Submission: On April 04 via api from US — Scanned from DE

Form analysis 2 forms found in the DOM

GET https://search.us-cert.gov/search

<form accept-charset="UTF-8" action="https://search.us-cert.gov/search" class="hidden-xs searchbox" method="get"><input name="utf8" type="hidden" value="✓"><input id="affiliate-desktop" name="affiliate" type="hidden" value="cisa">
  <div class="form-group"><label class="sr-only" for="query-desktop">Enter Search Terms(s):</label>
    <div class="input-group"><input autocomplete="off" class="form-control form-control-custom input-lg" id="query-desktop" name="query" placeholder="Search" type="text">
      <div class="input-group-addon input-group-addon-custom"><button class="submit input-lg"><img alt="search icon" src="/sites/default/files/cisa/search-icon.png" title="search icon"></button></div>
    </div>
  </div>
</form>

GET https://search.us-cert.gov/search

<form accept-charset="UTF-8" action="https://search.us-cert.gov/search" class="hidden-lg hidden-md searchbox" method="get"><input name="utf8" type="hidden" value="✓"><input id="affiliate-mobile" name="affiliate" type="hidden" value="cisa">
  <div class="form-group"><label class="sr-only" for="query-mobile">Enter Search Terms(s):</label>
    <div class="input-group"><input autocomplete="off" class="form-control form-control-custom input-lg" id="query-mobile" name="query" placeholder="Search" type="text">
      <div class="input-group-addon input-group-addon-custom"><button class="submit input-lg"><img alt="search icon" src="/sites/default/files/cisa/search-icon.png" title="search icon"></button></div>
    </div>
  </div>
</form>

Text Content


TLP:WHITE


KNOWN EXPLOITED VULNERABILITIES CATALOG

Download CSV version

Download JSON version

Download JSON schema

Subscribe to the Known Exploited Vulnerabilities Catalog Update Bulletin

Back to previous page for background on known exploited vulnerabilities


| CVE | Vendor/Project | Product | Vulnerability Name | Date Added to Catalog | Short Description | Action | Due Date | Notes |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-27104 | Accellion | FTA | Accellion FTA OS Command Injection Vulnerability | 2021-11-03 | Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. | Apply updates per vendor instructions. | 2021-11-17 | |
| CVE-2021-27102 | Accellion | FTA | Accellion FTA OS Command Injection Vulnerability | 2021-11-03 | Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. | Apply updates per vendor instructions. | 2021-11-17 | |
| CVE-2021-27101 | Accellion | FTA | Accellion FTA SQL Injection Vulnerability | 2021-11-03 | Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. | Apply updates per vendor instructions. | 2021-11-17 | |
| CVE-2021-27103 | Accellion | FTA | Accellion FTA SSRF Vulnerability | 2021-11-03 | Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. | Apply updates per vendor instructions. | 2021-11-17 | |
| CVE-2021-21017 | Adobe | Acrobat and Reader | Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability | 2021-11-03 | Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apply updates per vendor instructions. | 2021-11-17 | |
| CVE-2021-28550 | Adobe | Acrobat and Reader | Adobe Acrobat and Reader Use-After-Free Vulnerability | 2021-11-03 | Acrobat Reader DC versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Apply updates per vendor instructions. | 2021-11-17 | |
| CVE-2018-4939 | Adobe | ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data vulnerability | 2021-11-03 | Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution. | Apply updates per vendor instructions. | 2022-05-03 | |
| CVE-2018-15961 | Adobe | ColdFusion | Adobe ColdFusion Remote Code Execution | 2021-11-03 | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. | Apply updates per vendor instructions. | 2022-05-03 | |
| CVE-2018-4878 | Adobe | Flash Player | Adobe Flash Player Use-After-Free vulnerability | 2021-11-03 | A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018. | Apply updates per vendor instructions. | 2022-05-03 | |
| CVE-2020-5735 | Amcrest | Cameras and Network Video Recorder (NVR) | Amcrest Camera and NVR Buffer Overflow Vulnerability | 2021-11-03 | Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code. | Apply updates per vendor instructions. | 2022-05-03 | |

Showing 1 to 10 of 613 entries
Cybersecurity & Infrastructure Security Agency