Search
On this page ▾

KEV 2018

89 CISA Known Exploited Vulnerabilities from 2018

Critical 30

February 2025

CVE-2018-19410

Paessler PRTG Network Monitor — Paessler PRTG Network Monitor Local File Inclusion Vulnerability

CVSS 9.8

December 2024

CVE-2018-14933

NUUO NVRmini Devices — NUUO NVRmini Devices OS Command Injection Vulnerability

CVSS 9.8

September 2023

CVE-2018-14667

Red Hat JBoss RichFaces Framework — Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability

CVSS 9.8

October 2022

CVE-2018-19323

GIGABYTE Multiple Products — GIGABYTE Multiple Products Privilege Escalation Vulnerability

CVSS 9.8

September 2022

CVE-2018-2628

Oracle WebLogic Server — Oracle WebLogic Server Unspecified Vulnerability

CVSS 9.8
CVE-2018-6530

D-Link Multiple Routers — D-Link Multiple Routers OS Command Injection Vulnerability

CVSS 9.8
CVE-2018-7445

MikroTik RouterOS — MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability

CVSS 9.8

May 2022

CVE-2018-19949

QNAP Network Attached Storage (NAS) — QNAP NAS File Station Command Injection Vulnerability

CVSS 9.8

April 2022

CVE-2018-7841

Schneider Electric U.motion Builder — Schneider Electric U.motion Builder SQL Injection Vulnerability

CVSS 9.8
CVE-2018-20753

Kaseya Virtual System/Server Administrator (VSA) — Kaseya VSA Remote Code Execution Vulnerability

CVSS 9.8
CVE-2018-7602

Drupal Core — Drupal Core Remote Code Execution Vulnerability

CVSS 9.8

March 2022

CVE-2018-10561

Dasan Gigabit Passive Optical Network (GPON) Routers — Dasan GPON Routers Authentication Bypass Vulnerability

CVSS 9.8
CVE-2018-10562

Dasan Gigabit Passive Optical Network (GPON) Routers — Dasan GPON Routers Command Injection Vulnerability

CVSS 9.8
CVE-2018-0125

Cisco VPN Routers — Cisco VPN Routers Remote Code Execution Vulnerability

CVSS 9.8
CVE-2018-0147

Cisco Secure Access Control System (ACS) — Cisco Secure Access Control System Java Deserialization Vulnerability

CVSS 9.8
CVE-2018-11138

Quest KACE System Management Appliance — Quest KACE System Management Appliance Remote Command Execution Vulnerability

CVSS 9.8
CVE-2018-1273

VMware Tanzu Spring Data Commons — VMware Tanzu Spring Data Commons Property Binder Vulnerability

CVSS 9.8
CVE-2018-14839

LG N1A1 NAS — LG N1A1 NAS Remote Command Execution Vulnerability

CVSS 9.8
CVE-2018-0151

Cisco IOS and IOS XE Software — Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability

CVSS 9.8

February 2022

CVE-2018-1000861

Jenkins Jenkins Stapler Web Framework — Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability

CVSS 9.8

January 2022

CVE-2018-13382

Fortinet FortiOS and FortiProxy — Fortinet FortiOS and FortiProxy Improper Authorization

CVSS 9.1

December 2021

CVE-2018-14847

MikroTik RouterOS — MikroTik Router OS Directory Traversal Vulnerability

CVSS 9.1

November 2021

CVE-2018-0171

Cisco IOS and IOS XE — Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability

CVSS 9.8
CVE-2018-14558

Tenda AC7, AC9, and AC10 Routers — Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability

CVSS 9.8
CVE-2018-15961

Adobe ColdFusion — Adobe ColdFusion Unrestricted File Upload Vulnerability

CVSS 9.8
CVE-2018-20062

ThinkPHP noneCms — ThinkPHP "noneCms" Remote Code Execution Vulnerability

CVSS 9.8
CVE-2018-4939

Adobe ColdFusion — Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

CVSS 9.8
CVE-2018-6789

Exim Exim — Exim Buffer Overflow Vulnerability

CVSS 9.8
CVE-2018-7600

Drupal Drupal Core — Drupal Core Remote Code Execution Vulnerability

CVSS 9.8
CVE-2018-13379

Fortinet FortiOS — Fortinet FortiOS SSL VPN Path Traversal Vulnerability

CVSS 9.1

High 50

January 2026

CVE-2018-14634

Linux Kernel — Linux Kernel Integer Overflow Vulnerability

CVSS 7.8

December 2025

CVE-2018-4063

Sierra Wireless AirLink ALEOS — Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability

CVSS 8.8

March 2025

CVE-2018-8639

Microsoft Windows — Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability

CVSS 7.8

February 2025

CVE-2018-9276

Paessler PRTG Network Monitor — Paessler PRTG Network Monitor OS Command Injection Vulnerability

CVSS 7.2

August 2024

CVE-2018-0824

Microsoft Windows — Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability

CVSS 8.8

January 2024

CVE-2018-15133

Laravel Laravel Framework — Laravel Deserialization of Untrusted Data Vulnerability

CVSS 8.1

December 2022

CVE-2018-5430

TIBCO JasperReports — TIBCO JasperReports Server Information Disclosure Vulnerability

CVSS 8.8

October 2022

CVE-2018-19320

GIGABYTE Multiple Products — GIGABYTE Multiple Products Unspecified Vulnerability

CVSS 7.8
CVE-2018-19321

GIGABYTE Multiple Products — GIGABYTE Multiple Products Privilege Escalation Vulnerability

CVSS 7.8
CVE-2018-19322

GIGABYTE Multiple Products — GIGABYTE Multiple Products Code Execution Vulnerability

CVSS 7.8

June 2022

CVE-2018-17463

Google Chromium V8 — Google Chromium V8 Remote Code Execution Vulnerability

CVSS 8.8
CVE-2018-17480

Google Chromium V8 — Google Chromium V8 Out-of-Bounds Write Vulnerability

CVSS 8.8
CVE-2018-4990

Adobe Acrobat and Reader — Adobe Acrobat and Reader Double Free Vulnerability

CVSS 8.8
CVE-2018-6065

Google Chromium V8 — Google Chromium V8 Integer Overflow Vulnerability

CVSS 8.8
CVE-2018-4344

Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerability

CVSS 7.8

May 2022

CVE-2018-19943

QNAP Network Attached Storage (NAS) — QNAP NAS File Station Cross-Site Scripting Vulnerability

CVSS 8
CVE-2018-8611

Microsoft Windows — Microsoft Windows Kernel Privilege Escalation Vulnerability

CVSS 7.8
CVE-2018-5002

Adobe Flash Player — Adobe Flash Player Stack-based Buffer Overflow Vulnerability

CVSS 7.8
CVE-2018-8589

Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability

CVSS 7.8

March 2022

CVE-2018-8414

Microsoft Windows — Microsoft Windows Shell Remote Code Execution Vulnerability

CVSS 8.8
CVE-2018-0167

Cisco IOS, XR, and XE Software — Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability

CVSS 8.8
CVE-2018-0155

Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches — Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability

CVSS 8.6
CVE-2018-0158

Cisco IOS Software and Cisco IOS XE Software — Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability

CVSS 8.6
CVE-2018-0172

Cisco IOS and IOS XE Software — Cisco IOS and IOS XE Software Improper Input Validation Vulnerability

CVSS 8.6
CVE-2018-0173

Cisco IOS and IOS XE Software — Cisco IOS and IOS XE Software Improper Input Validation Vulnerability

CVSS 8.6
CVE-2018-0174

Cisco IOS XE Software — Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability

CVSS 8.6
CVE-2018-6961

VMware SD-WAN Edge — VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability

CVSS 8.1
CVE-2018-0175

Cisco IOS, XR, and XE Software — Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability

CVSS 8
CVE-2018-8405

Microsoft DirectX Graphics Kernel (DXGKRNL) — Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability

CVSS 7.8
CVE-2018-8406

Microsoft DirectX Graphics Kernel (DXGKRNL) — Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability

CVSS 7.8
CVE-2018-8440

Microsoft Windows — Microsoft Windows Privilege Escalation Vulnerability

CVSS 7.8
CVE-2018-8373

Microsoft Internet Explorer Scripting Engine — Microsoft Scripting Engine Memory Corruption Vulnerability

CVSS 7.5
CVE-2018-0154

Cisco IOS Software — Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability

CVSS 7.5
CVE-2018-0156

Cisco IOS Software and Cisco IOS XE Software — Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability

CVSS 7.5
CVE-2018-0159

Cisco IOS Software and Cisco IOS XE Software — Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability

CVSS 7.5
CVE-2018-8298

ChakraCore ChakraCore scripting engine — ChakraCore Scripting Engine Type Confusion Vulnerability

CVSS 7.5
CVE-2018-8581

Microsoft Exchange Server — Microsoft Exchange Server Privilege Escalation Vulnerability

CVSS 7.4
CVE-2018-8120

Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability

CVSS 7

February 2022

CVE-2018-15982

Adobe Flash Player — Adobe Flash Player Use-After-Free Vulnerability

CVSS 7.8
CVE-2018-20250

RARLAB WinRAR — WinRAR Absolute Path Traversal Vulnerability

CVSS 7.8
CVE-2018-8174

Microsoft Windows — Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability

CVSS 7.5

January 2022

CVE-2018-8453

Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability

CVSS 7.8

November 2021

CVE-2018-0798

Microsoft Office — Microsoft Office Memory Corruption Vulnerability

CVSS 8.8
CVE-2018-11776

Apache Struts — Apache Struts Remote Code Execution Vulnerability

CVSS 8.1
CVE-2018-0802

Microsoft Office — Microsoft Office Memory Corruption Vulnerability

CVSS 7.8
CVE-2018-4878

Adobe Flash Player — Adobe Flash Player Use-After-Free Vulnerability

CVSS 7.8
CVE-2018-0296

Cisco Adaptive Security Appliance (ASA) — Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability

CVSS 7.5
CVE-2018-15811

DotNetNuke (DNN) DotNetNuke (DNN) — DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability

CVSS 7.5
CVE-2018-18325

DotNetNuke (DNN) DotNetNuke (DNN) — DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability

CVSS 7.5
CVE-2018-8653

Microsoft Internet Explorer — Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

CVSS 7.5

Medium 9

December 2022

CVE-2018-18809

TIBCO JasperReports — TIBCO JasperReports Library Directory Traversal Vulnerability

CVSS 6.5

September 2022

CVE-2018-13374

Fortinet FortiOS and FortiADC — Fortinet FortiOS and FortiADC Improper Access Control Vulnerability

CVSS 4.3

May 2022

CVE-2018-19953

QNAP Network Attached Storage (NAS) — QNAP NAS File Station Cross-Site Scripting Vulnerability

CVSS 6.1

April 2022

CVE-2018-6882

Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

CVSS 6.1

March 2022

CVE-2018-0161

Cisco IOS Software — Cisco IOS Software Resource Management Errors Vulnerability

CVSS 6.3
CVE-2018-0179

Cisco IOS Software — Cisco IOS Software Denial-of-Service Vulnerability

CVSS 5.9
CVE-2018-0180

Cisco IOS Software — Cisco IOS Software Denial-of-Service Vulnerability

CVSS 5.9

January 2022

CVE-2018-13383

Fortinet FortiOS and FortiProxy — Fortinet FortiOS and FortiProxy Out-of-bounds Write

CVSS 4.3

November 2021

CVE-2018-2380

SAP Customer Relationship Management (CRM) — SAP Customer Relationship Management (CRM) Path Traversal Vulnerability

CVSS 6.6
Gavin Hollinger & AI assembled this air-gap friendly HTML