118 CISA Known Exploited Vulnerabilities from 2019
Mozilla Firefox and Thunderbird — Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability (CVSS 10)
Elastic Kibana — Kibana Arbitrary Code Execution (CVSS 10)
Ivanti Pulse Connect Secure — Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability (CVSS 10)
Jenkins Script Security Plugin — Jenkins Script Security Plugin Sandbox Bypass Vulnerability (CVSS 9.9)
Jenkins Matrix Project Plugin — Jenkins Matrix Project Plugin Remote Code Execution Vulnerability (CVSS 9.9)
MongoDB mongo-express — MongoDB mongo-express Remote Code Execution Vulnerability (CVSS 9.9)
Sangoma FreePBX — Sangoma FreePBX Improper Authentication Vulnerability (CVSS 9.8)
Sitecore CMS and Experience Platform (XP) — Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability (CVSS 9.8)
Nostromo nhttpd — Nostromo nhttpd Directory Traversal Vulnerability (CVSS 9.8)
SAP Commerce Cloud — SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability (CVSS 9.8)
Nice Linear eMerge E3-Series — Nice Linear eMerge E3-Series OS Command Injection Vulnerability (CVSS 9.8)
D-Link DIR-859 Router — D-Link DIR-859 Router Command Execution Vulnerability (CVSS 9.8)
QNAP Photo Station — QNAP Photo Station Improper Access Control Vulnerability (CVSS 9.8)
QNAP QTS — QNAP QTS Improper Input Validation Vulnerability (CVSS 9.8)
QNAP Photo Station — QNAP Photo Station Path Traversal Vulnerability (CVSS 9.8)
QNAP Photo Station — QNAP Photo Station Path Traversal Vulnerability (CVSS 9.8)
Meta Platforms WhatsApp — WhatsApp VOIP Stack Buffer Overflow Vulnerability (CVSS 9.8)
D-Link DNS-320 Storage Device — D-Link DNS-320 Remote Code Execution Vulnerability (CVSS 9.8)
Crestron Multiple Products — Crestron Multiple Products Command Injection Vulnerability (CVSS 9.8)
Kentico Xperience — Kentico Xperience Deserialization of Untrusted Data Vulnerability (CVSS 9.8)
Citrix SD-WAN and NetScaler — Citrix SD-WAN and NetScaler SQL Injection Vulnerability (CVSS 9.8)
Webmin Webmin — Webmin Command Injection Vulnerability (CVSS 9.8)
D-Link Multiple Routers — D-Link Multiple Routers Command Injection Vulnerability (CVSS 9.8)
Atlassian Jira Server and Data Center — Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability (CVSS 9.8)
Exim Exim Internet Mailer — Exim Out-of-bounds Write Vulnerability (CVSS 9.8)
Exim Mail Transfer Agent (MTA) — Exim Mail Transfer Agent (MTA) Improper Input Validation (CVSS 9.8)
Oracle WebLogic Server — Oracle WebLogic Server, Injection (CVSS 9.8)
Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference (CVSS 9.8)
Sonatype Nexus Repository Manager — Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability (CVSS 9.8)
Microsoft SharePoint — Microsoft SharePoint Remote Code Execution Vulnerability (CVSS 9.8)
Microsoft RDP 'BlueKeep' — Use-After-Free in Remote Desktop Services Allows Wormable Pre-Auth Remote Code Execution (CVSS 9.8)
Atlassian Crowd and Crowd Data Center — Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability (CVSS 9.8)
Citrix Workspace Application and Receiver for Windows — Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability (CVSS 9.8)
SIMalliance Toolbox Browser — SIMalliance Toolbox Browser Command Injection Vulnerability (CVSS 9.8)
vBulletin vBulletin — vBulletin PHP Module Remote Code Execution Vulnerability (CVSS 9.8)
Progress Telerik UI for ASP.NET AJAX — Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability (CVSS 9.8)
Citrix ADC/NetScaler — Path Traversal Enables Unauthenticated Remote Code Execution; 6-Week Unpatched Window Drives Mass Exploitation (CVSS 9.8)
Atlassian Confluence Server and Data Server — Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability (CVSS 9.8)
IBM Planning Analytics — IBM Planning Analytics Remote Code Execution Vulnerability (CVSS 9.8)
VMware VMware ESXi and Horizon DaaS — VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability (CVSS 9.8)
Sitecore CMS and Experience Platform (XP) — Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability (CVSS 8.8)
Cisco RV Series Routers — Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability (CVSS 8.8)
Oracle Solaris — Oracle Solaris Privilege Escalation Vulnerability (CVSS 8.8)
Mozilla Firefox and Thunderbird — Mozilla Firefox and Thunderbird Type Confusion Vulnerability (CVSS 8.8)
Google Chrome WebAudio — Google Chrome WebAudio Use-After-Free Vulnerability (CVSS 8.8)
WebKitGTK WebKitGTK — WebKitGTK Memory Corruption Vulnerability (CVSS 8.8)
Apple Multiple Products — Apple Multiple Products Type Confusion Vulnerability (CVSS 8.8)
Microsoft Graphics Device Interface (GDI) — Microsoft GDI Remote Code Execution Vulnerability (CVSS 8.8)
Citrix SD-WAN and NetScaler — Citrix SD-WAN and NetScaler Command Injection Vulnerability (CVSS 8.8)
Microsoft Excel — Microsoft Excel Remote Code Execution Vulnerability (CVSS 8.8)
Microsoft MSHTML — Microsoft MSHTML Remote Code Execution Vulnerability (CVSS 8.8)
Nagios Nagios XI — Nagios XI Remote Code Execution Vulnerability (CVSS 8.8)
Mozilla Firefox and Thunderbird — Mozilla Firefox And Thunderbird Type Confusion Vulnerability (CVSS 8.8)
Atlassian Confluence Server and Data Center — Atlassian Confluence Server and Data Center Path Traversal Vulnerability (CVSS 8.8)
ThinkPHP ThinkPHP — ThinkPHP Remote Code Execution Vulnerability (CVSS 8.8)
PHP FastCGI Process Manager (FPM) — PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability (CVSS 8.7)
Meta Platforms WhatsApp — WhatsApp Cross-Site Scripting Vulnerability (CVSS 8.2)
Drupal Core — Drupal Core Remote Code Execution Vulnerability (CVSS 8.1)
Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Remote Code Execution Vulnerability (CVSS 8.1)
D-Link DWL-2600AP Access Point — D-Link DWL-2600AP Access Point Command Injection Vulnerability (CVSS 7.8)
Apple macOS — Apple macOS Use-After-Free Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability (CVSS 7.8)
Apple Multiple Products — Apple Multiple Products Use-After-Free Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability (CVSS 7.8)
Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerability (CVSS 7.8)
Apple iOS — Apple iOS Memory Corruption Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Task Scheduler — Microsoft Task Scheduler Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability (CVSS 7.8)
Linux Kernel — Linux Kernel Improper Privilege Management Vulnerability (CVSS 7.8)
Apache HTTP Server — Apache HTTP Server Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Privilege Escalation Vulnerability (CVSS 7.8)
Docker Desktop Community Edition — Docker Desktop Community Edition Privilege Escalation Vulnerability (CVSS 7.8)
Android Android Kernel — Android Kernel Use-After-Free Vulnerability (CVSS 7.8)
Rails Ruby on Rails — Rails Ruby on Rails Path Traversal Vulnerability (CVSS 7.5)
Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability (CVSS 7.5)
SonicWall SMA100 — SonicWall SMA100 Directory Traversal Vulnerability (CVSS 7.5)
Microsoft Internet Explorer — Microsoft Internet Explorer Type Confusion Vulnerability (CVSS 7.5)
Citrix StoreFront Server — Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability (CVSS 7.5)
Microsoft Internet Explorer — Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVSS 7.5)
Microsoft Internet Explorer — Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVSS 7.5)
Cisco Small Business RV320 and RV325 Routers — Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability (CVSS 7.5)
Apache Solr — Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability (CVSS 7.5)
Trend Micro OfficeScan — Trend Micro OfficeScan Directory Traversal Vulnerability (CVSS 7.5)
Netis WF2419 Devices — Netis WF2419 Devices Remote Code Execution Vulnerability (CVSS 7.5)
TVT NVMS-1000 — TVT NVMS-1000 Directory Traversal Vulnerability (CVSS 7.5)
Apple iOS and macOS — Apple iOS and macOS Group Facetime Vulnerability (CVSS 7.5)
SonicWall SMA100 — SonicWall SMA100 SQL Injection Vulnerability (CVSS 7.5)
Reolink Multiple IP Cameras — Reolink Multiple IP Cameras OS Command Injection Vulnerability (CVSS 7.2)
Oracle BI Publisher (Formerly XML Publisher) — Oracle BI Publisher Unauthorized Access Vulnerability (CVSS 7.2)
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers — Cisco Small Business Routers Improper Input Validation Vulnerability (CVSS 7.2)
Apache Solr — Apache Solr DataImportHandler Code Injection Vulnerability (CVSS 7.2)
Ivanti Pulse Connect Secure and Pulse Policy Secure — Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability (CVSS 7.2)
TeamViewer Desktop — TeamViewer Desktop Bypass Remote Login Vulnerability (CVSS 7)
Fortinet FortiOS — Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability (CVSS 6.5)
Google Chromium V8 — Google Chromium V8 Out-of-Bounds Write Vulnerability (CVSS 6.5)
Microsoft Internet Explorer — Microsoft Internet Explorer Information Disclosure Vulnerability (CVSS 6.5)
Microsoft Windows — Microsoft Windows SMB Information Disclosure Vulnerability (CVSS 6.5)
Google Chrome Blink — Google Chrome Blink Use-After-Free Vulnerability (CVSS 6.5)
Fortinet FortiOS — Fortinet FortiOS Default Configuration Vulnerability (CVSS 6.5)
Zoho ManageEngine — Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability (CVSS 6.5)
WordPress Social Warfare Plugin — WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability (CVSS 6.1)