89 CISA Known Exploited Vulnerabilities from 2018
Paessler PRTG Network Monitor — Paessler PRTG Network Monitor Local File Inclusion Vulnerability (CVSS 9.8)
NUUO NVRmini Devices — NUUO NVRmini Devices OS Command Injection Vulnerability (CVSS 9.8)
Red Hat JBoss RichFaces Framework — Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability (CVSS 9.8)
GIGABYTE Multiple Products — GIGABYTE Multiple Products Privilege Escalation Vulnerability (CVSS 9.8)
Oracle WebLogic Server — Oracle WebLogic Server Unspecified Vulnerability (CVSS 9.8)
D-Link Multiple Routers — D-Link Multiple Routers OS Command Injection Vulnerability (CVSS 9.8)
MikroTik RouterOS — MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability (CVSS 9.8)
QNAP Network Attached Storage (NAS) — QNAP NAS File Station Command Injection Vulnerability (CVSS 9.8)
Schneider Electric U.motion Builder — Schneider Electric U.motion Builder SQL Injection Vulnerability (CVSS 9.8)
Kaseya Virtual System/Server Administrator (VSA) — Kaseya VSA Remote Code Execution Vulnerability (CVSS 9.8)
Drupal Core — Drupal Core Remote Code Execution Vulnerability (CVSS 9.8)
Dasan Gigabit Passive Optical Network (GPON) Routers — Dasan GPON Routers Authentication Bypass Vulnerability (CVSS 9.8)
Dasan Gigabit Passive Optical Network (GPON) Routers — Dasan GPON Routers Command Injection Vulnerability (CVSS 9.8)
Cisco VPN Routers — Cisco VPN Routers Remote Code Execution Vulnerability (CVSS 9.8)
Cisco Secure Access Control System (ACS) — Cisco Secure Access Control System Java Deserialization Vulnerability (CVSS 9.8)
Quest KACE System Management Appliance — Quest KACE System Management Appliance Remote Command Execution Vulnerability (CVSS 9.8)
VMware Tanzu Spring Data Commons — VMware Tanzu Spring Data Commons Property Binder Vulnerability (CVSS 9.8)
LG N1A1 NAS — LG N1A1 NAS Remote Command Execution Vulnerability (CVSS 9.8)
Cisco IOS and IOS XE Software — Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability (CVSS 9.8)
Jenkins Jenkins Stapler Web Framework — Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability (CVSS 9.8)
Cisco IOS and IOS XE — Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability (CVSS 9.8)
Tenda AC7, AC9, and AC10 Routers — Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability (CVSS 9.8)
Adobe ColdFusion — Adobe ColdFusion Unrestricted File Upload Vulnerability (CVSS 9.8)
ThinkPHP noneCms — ThinkPHP "noneCms" Remote Code Execution Vulnerability (CVSS 9.8)
Adobe ColdFusion — Adobe ColdFusion Deserialization of Untrusted Data Vulnerability (CVSS 9.8)
Exim Exim — Exim Buffer Overflow Vulnerability (CVSS 9.8)
Drupal Drupal Core — Drupal Core Remote Code Execution Vulnerability (CVSS 9.8)
Fortinet FortiOS and FortiProxy — Fortinet FortiOS and FortiProxy Improper Authorization (CVSS 9.1)
MikroTik RouterOS — MikroTik Router OS Directory Traversal Vulnerability (CVSS 9.1)
Fortinet FortiOS — Fortinet FortiOS SSL VPN Path Traversal Vulnerability (CVSS 9.1)
Sierra Wireless AirLink ALEOS — Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability (CVSS 8.8)
Microsoft Windows — Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability (CVSS 8.8)
TIBCO JasperReports — TIBCO JasperReports Server Information Disclosure Vulnerability (CVSS 8.8)
Google Chromium V8 — Google Chromium V8 Remote Code Execution Vulnerability (CVSS 8.8)
Google Chromium V8 — Google Chromium V8 Out-of-Bounds Write Vulnerability (CVSS 8.8)
Adobe Acrobat and Reader — Adobe Acrobat and Reader Double Free Vulnerability (CVSS 8.8)
Google Chromium V8 — Google Chromium V8 Integer Overflow Vulnerability (CVSS 8.8)
Microsoft Windows — Microsoft Windows Shell Remote Code Execution Vulnerability (CVSS 8.8)
Cisco IOS, XR, and XE Software — Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability (CVSS 8.8)
Microsoft Office — Microsoft Office Memory Corruption Vulnerability (CVSS 8.8)
Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches — Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability (CVSS 8.6)
Cisco IOS Software and Cisco IOS XE Software — Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability (CVSS 8.6)
Cisco IOS and IOS XE Software — Cisco IOS and IOS XE Software Improper Input Validation Vulnerability (CVSS 8.6)
Cisco IOS and IOS XE Software — Cisco IOS and IOS XE Software Improper Input Validation Vulnerability (CVSS 8.6)
Cisco IOS XE Software — Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability (CVSS 8.6)
Laravel Laravel Framework — Laravel Deserialization of Untrusted Data Vulnerability (CVSS 8.1)
VMware SD-WAN Edge — VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability (CVSS 8.1)
Apache Struts — Apache Struts Remote Code Execution Vulnerability (CVSS 8.1)
QNAP Network Attached Storage (NAS) — QNAP NAS File Station Cross-Site Scripting Vulnerability (CVSS 8)
Cisco IOS, XR, and XE Software — Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability (CVSS 8)
Linux Kernel — Linux Kernel Integer Overflow Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability (CVSS 7.8)
GIGABYTE Multiple Products — GIGABYTE Multiple Products Unspecified Vulnerability (CVSS 7.8)
GIGABYTE Multiple Products — GIGABYTE Multiple Products Privilege Escalation Vulnerability (CVSS 7.8)
GIGABYTE Multiple Products — GIGABYTE Multiple Products Code Execution Vulnerability (CVSS 7.8)
Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Kernel Privilege Escalation Vulnerability (CVSS 7.8)
Adobe Flash Player — Adobe Flash Player Stack-based Buffer Overflow Vulnerability (CVSS 7.8)
Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft DirectX Graphics Kernel (DXGKRNL) — Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft DirectX Graphics Kernel (DXGKRNL) — Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Privilege Escalation Vulnerability (CVSS 7.8)
Adobe Flash Player — Adobe Flash Player Use-After-Free Vulnerability (CVSS 7.8)
RARLAB WinRAR — WinRAR Absolute Path Traversal Vulnerability (CVSS 7.8)
Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Office — Microsoft Office Memory Corruption Vulnerability (CVSS 7.8)
Adobe Flash Player — Adobe Flash Player Use-After-Free Vulnerability (CVSS 7.8)
Microsoft Internet Explorer Scripting Engine — Microsoft Scripting Engine Memory Corruption Vulnerability (CVSS 7.5)
Cisco IOS Software — Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability (CVSS 7.5)
Cisco IOS Software and Cisco IOS XE Software — Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability (CVSS 7.5)
Cisco IOS Software and Cisco IOS XE Software — Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability (CVSS 7.5)
ChakraCore ChakraCore scripting engine — ChakraCore Scripting Engine Type Confusion Vulnerability (CVSS 7.5)
Microsoft Windows — Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability (CVSS 7.5)
Cisco Adaptive Security Appliance (ASA) — Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability (CVSS 7.5)
DotNetNuke (DNN) DotNetNuke (DNN) — DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability (CVSS 7.5)
DotNetNuke (DNN) DotNetNuke (DNN) — DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability (CVSS 7.5)
Microsoft Internet Explorer — Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVSS 7.5)
Microsoft Exchange Server — Microsoft Exchange Server Privilege Escalation Vulnerability (CVSS 7.4)
Paessler PRTG Network Monitor — Paessler PRTG Network Monitor OS Command Injection Vulnerability (CVSS 7.2)
Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability (CVSS 7)
SAP Customer Relationship Management (CRM) — SAP Customer Relationship Management (CRM) Path Traversal Vulnerability (CVSS 6.6)
TIBCO JasperReports — TIBCO JasperReports Library Directory Traversal Vulnerability (CVSS 6.5)
Cisco IOS Software — Cisco IOS Software Resource Management Errors Vulnerability (CVSS 6.3)
QNAP Network Attached Storage (NAS) — QNAP NAS File Station Cross-Site Scripting Vulnerability (CVSS 6.1)
Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability (CVSS 6.1)
Cisco IOS Software — Cisco IOS Software Denial-of-Service Vulnerability (CVSS 5.9)
Cisco IOS Software — Cisco IOS Software Denial-of-Service Vulnerability (CVSS 5.9)
Fortinet FortiOS and FortiADC — Fortinet FortiOS and FortiADC Improper Access Control Vulnerability (CVSS 4.3)
Fortinet FortiOS and FortiProxy — Fortinet FortiOS and FortiProxy Out-of-bounds Write (CVSS 4.3)