146 CISA Known Exploited Vulnerabilities from 2020
Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (CVSS 10)
Microsoft SMBv3 — Microsoft SMBv3 Remote Code Execution Vulnerability (CVSS 10)
Microsoft Windows — Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVSS 10)
Oracle Solaris and Zettabyte File System (ZFS) — Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability (CVSS 10)
WordPress File Manager Plugin — WordPress File Manager Plugin Remote Code Execution Vulnerability (CVSS 10)
SAP NetWeaver — SAP NetWeaver Missing Authentication for Critical Function Vulnerability (CVSS 10)
Synacor Zimbra Collaboration Suite — Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability (CVSS 9.8)
Sophos XG Firewall — Sophos XG Firewall Buffer Overflow Vulnerability (CVSS 9.8)
Sophos CyberoamOS — CyberoamOS (CROS) SQL Injection Vulnerability (CVSS 9.8)
Oracle WebLogic Server — Oracle WebLogic Server Unspecified Vulnerability (CVSS 9.8)
DrayTek Multiple Vigor Routers — DrayTek Multiple Vigor Routers OS Command Injection Vulnerability (CVSS 9.8)
Oracle WebLogic Server — Oracle WebLogic Server Remote Code Execution Vulnerability (CVSS 9.8)
Oracle Fusion Middleware — Oracle Fusion Middleware Unspecified Vulnerability (CVSS 9.8)
Roundcube Roundcube Webmail — Roundcube Webmail Remote Code Execution Vulnerability (CVSS 9.8)
QNAP QNAP Network-Attached Storage (NAS) — QNAP Network-Attached Storage (NAS) Command Injection Vulnerability (CVSS 9.8)
Sophos SG UTM — Sophos SG UTM Remote Code Execution Vulnerability (CVSS 9.8)
OpenBSD OpenSMTPD — OpenSMTPD Remote Code Execution Vulnerability (CVSS 9.8)
Zyxel Multiple Network-Attached Storage (NAS) Devices — Zyxel Multiple NAS Devices OS Command Injection Vulnerability (CVSS 9.8)
SonicWall SonicOS — SonicWall SonicOS Buffer Overflow Vulnerability (CVSS 9.8)
Apache Tomcat — Apache Tomcat Improper Privilege Management Vulnerability (CVSS 9.8)
Grandstream UCM6200 — Grandstream Networks UCM6200 Series SQL Injection Vulnerability (CVSS 9.8)
Apache Airflow's Experimental API — Apache Airflow's Experimental API Authentication Bypass (CVSS 9.8)
Fuel CMS Fuel CMS — Fuel CMS SQL Injection Vulnerability (CVSS 9.8)
Microsoft .NET Framework — Microsoft .NET Framework Remote Code Execution Vulnerability (CVSS 9.8)
SolarWinds Orion — SolarWinds Orion Authentication Bypass Vulnerability (CVSS 9.8)
Sumavision Enhanced Multimedia Router (EMR) — Sumavision EMR Cross-Site Request Forgery (CSRF) Vulnerability (CVSS 9.8)
Zoho ManageEngine — Zoho ManageEngine Desktop Central File Upload Vulnerability (CVSS 9.8)
Tenda AC1900 Router AC15 Model — Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability (CVSS 9.8)
SaltStack Salt — SaltStack Salt Authentication Bypass Vulnerability (CVSS 9.8)
Sophos SFOS — Sophos SFOS SQL Injection Vulnerability (CVSS 9.8)
Fortinet FortiOS — Fortinet FortiOS SSL VPN Improper Authentication Vulnerability (CVSS 9.8)
Oracle WebLogic Server — Oracle WebLogic Server Remote Code Execution Vulnerability (CVSS 9.8)
Oracle WebLogic Server — Oracle WebLogic Server Remote Code Execution Vulnerability (CVSS 9.8)
MobileIron Core / Sentry / Connector — Unauthenticated RCE via Apache/Tomcat ACL Bypass and Hessian Java Deserialization (CVSS 9.8)
SaltStack Salt — SaltStack Salt Shell Injection Vulnerability (CVSS 9.8)
vBulletin vBulletin — vBulletin PHP Module Remote Code Execution Vulnerability (CVSS 9.8)
Apache Struts — Apache Struts Remote Code Execution Vulnerability (CVSS 9.8)
D-Link DNS-320 Device — D-Link DNS-320 Device Command Injection Vulnerability (CVSS 9.8)
Oracle Multiple Products — Oracle Multiple Products Remote Code Execution Vulnerability (CVSS 9.8)
NETGEAR JGS516PE Devices — Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability (CVSS 9.8)
D-Link DIR-825 R1 Devices — D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability (CVSS 9.8)
Zyxel Multiple Products — Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability (CVSS 9.8)
Cisco Cisco IP Phones — Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability (CVSS 9.8)
VMware vCenter Server — VMware vCenter Server Information Disclosure Vulnerability (CVSS 9.8)
VMware ESXi — VMware ESXi OpenSLP Use-After-Free Vulnerability (CVSS 9.8)
IBM Data Risk Manager — IBM Data Risk Manager Security Bypass Vulnerability (CVSS 9.8)
Unraid Unraid — Unraid Remote Code Execution Vulnerability (CVSS 9.8)
F5 BIG-IP — F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability (CVSS 9.8)
SAP Solution Manager — SAP Solution Manager Missing Authentication for Critical Function Vulnerability (CVSS 9.8)
Liferay Liferay Portal — Liferay Portal Deserialization of Untrusted Data Vulnerability (CVSS 9.8)
DrayTek Multiple Vigor Routers — Multiple DrayTek Vigor Routers Web Management Page Vulnerability (CVSS 9.8)
Trend Micro Apex One and OfficeScan — Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability (CVSS 9.8)
PlaySMS PlaySMS — PlaySMS Server-Side Template Injection Vulnerability (CVSS 9.8)
EyesOfNetwork EyesOfNetwork — EyesOfNetwork Use of Hard-Coded Credentials Vulnerability (CVSS 9.8)
Google Chrome FreeType — Google Chrome FreeType Heap Buffer Overflow Vulnerability (CVSS 9.6)
Google Chrome for Android UI — Google Chrome for Android UI Heap Buffer Overflow Vulnerability (CVSS 9.6)
Google Chrome — Google Chrome Use-After-Free Vulnerability (CVSS 9.6)
VMware Multiple Products — Multiple VMware Products Command Injection Vulnerability (CVSS 9.1)
IBM Data Risk Manager — IBM Data Risk Manager Remote Code Execution Vulnerability (CVSS 9.1)
Microsoft Hyper-V RemoteFX — Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability (CVSS 9)
TP-Link TL-WA855RE — TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability (CVSS 8.8)
D-Link DCS-2530L and DCS-2670L Devices — D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability (CVSS 8.8)
Microsoft SQL Server — Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability (CVSS 8.8)
Juniper Junos OS — Juniper Junos OS Path Traversal Vulnerability (CVSS 8.8)
Apache Kylin — Apache Kylin OS Command Injection Vulnerability (CVSS 8.8)
D-Link DIR-610 Devices — D-Link DIR-610 Devices Remote Command Execution (CVSS 8.8)
Apache Airflow — Apache Airflow Command Injection (CVSS 8.8)
Drupal Drupal core — Drupal core Un-restricted Upload of File (CVSS 8.8)
Google Chrome Media — Google Chrome Media Use-After-Free Vulnerability (CVSS 8.8)
Microsoft Exchange Server — Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability (CVSS 8.8)
Sonatype Nexus Repository — Sonatype Nexus Repository Remote Code Execution Vulnerability (CVSS 8.8)
Microsoft Windows — Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability (CVSS 8.8)
rConfig rConfig — rConfig OS Command Injection Vulnerability (CVSS 8.8)
Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability (CVSS 8.8)
Google Chromium V8 — Google Chromium V8 Incorrect Implementation Vulnerability (CVSS 8.8)
Cisco IOS XR — Cisco IOS XR Software Discovery Protocol Format String Vulnerability (CVSS 8.8)
Amcrest Cameras and Network Video Recorder (NVR) — Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability (CVSS 8.8)
Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability (CVSS 8.8)
Trend Micro Apex One and OfficeScan — Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability (CVSS 8.8)
Trend Micro Apex One, OfficeScan and Worry-Free Business Security Agents — Trend Micro Multiple Products Content Validation Escape Vulnerability (CVSS 8.8)
Apple iOS, iPadOS, and watchOS — Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability (CVSS 8.8)
Cisco IOS XR — Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability (CVSS 8.6)
Cisco IOS XR — Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability (CVSS 8.6)
Microsoft Exchange Server — Microsoft Exchange Server Remote Code Execution Vulnerability (CVSS 8.4)
Microsoft Windows — Microsoft Windows CryptoAPI Spoofing Vulnerability (CVSS 8.1)
Mozilla Firefox and Thunderbird — Mozilla Firefox And Thunderbird Use-After-Free Vulnerability (CVSS 8.1)
Mozilla Firefox and Thunderbird — Mozilla Firefox And Thunderbird Use-After-Free Vulnerability (CVSS 8.1)
Adobe Acrobat & Reader — Heap Use-After-Free in PDF Object Processing Leading to Code Execution (CVSS 7.8)
Cisco AnyConnect Secure — Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability (CVSS 7.8)
PEAR Archive_Tar — PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability (CVSS 7.8)
Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerability (CVSS 7.8)
Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerability (CVSS 7.8)
Microsoft Update Notification Manager — Microsoft Update Notification Manager Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Kernel Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability (CVSS 7.8)
Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables — Qualcomm Multiple Chipsets Improper Input Validation Vulnerability (CVSS 7.8)
Android Android Kernel — Android Kernel Out-of-Bounds Write Vulnerability (CVSS 7.8)
MediaTek Multiple Chipsets — MediaTek Multiple Chipsets Insufficient Input Validation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Installer Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Kernel Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability (CVSS 7.8)
Microsoft .NET Framework, SharePoint, Visual Studio — Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability (CVSS 7.8)
Microsoft Internet Explorer — Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Spoofing Vulnerability (CVSS 7.8)
Microsoft Windows — Microsoft Windows Kernel Privilege Escalation Vulnerability (CVSS 7.8)
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security — Trend Micro Multiple Products Improper Access Control Vulnerability (CVSS 7.8)
Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerability (CVSS 7.8)
Apple Multiple Products — Apple Multiple Products Type Confusion Vulnerability (CVSS 7.8)
VMware Multiple Products — VMware Multiple Products Privilege Escalation Vulnerability (CVSS 7.8)
EyesOfNetwork EyesOfNetwork — EyesOfNetwork Improper Privilege Management Vulnerability (CVSS 7.8)
Apple Multiple Products — Apple Multiple Products Code Execution Vulnerability (CVSS 7.8)
D-Link DCS-2530L and DCS-2670L Devices — D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability (CVSS 7.5)
Apache Flink — Apache Flink Improper Access Control Vulnerability (CVSS 7.5)
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) — Cisco ASA and FTD Information Disclosure Vulnerability (CVSS 7.5)
PEAR Archive_Tar — PEAR Archive_Tar Improper Link Resolution Vulnerability (CVSS 7.5)
VMware Tanzu Spring Cloud Configuration (Config) Server — VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability (CVSS 7.5)
Oracle Business Intelligence Enterprise Edition — Oracle Business Intelligence Enterprise Edition Path Traversal (CVSS 7.5)
Microsoft Internet Explorer — Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVSS 7.5)
Microsoft Internet Explorer — Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVSS 7.5)
WordPress Snap Creek Duplicator Plugin — WordPress Snap Creek Duplicator Plugin File Download Vulnerability (CVSS 7.5)
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) — Cisco ASA and FTD Read-Only Path Traversal Vulnerability (CVSS 7.5)
Unraid Unraid — Unraid Authentication Bypass Vulnerability (CVSS 7.5)
QNAP Systems Helpdesk — QNAP Helpdesk Improper Access Control Vulnerability (CVSS 7.3)
Plex Media Server — Plex Media Server Remote Code Execution Vulnerability (CVSS 7.2)
Pulse Secure Pulse Connect Secure — Pulse Connect Secure Code Injection Vulnerability (CVSS 7.2)
Pi-hole AdminLTE — Pi-hole AdminLTE Remote Code Execution Vulnerability (CVSS 7.2)
Oracle WebLogic Server — Oracle WebLogic Server Unspecified Vulnerability (CVSS 7.2)
Ivanti Pulse Connect Secure — Ivanti Pulse Connect Secure Code Execution Vulnerability (CVSS 7.2)
Ivanti Pulse Connect Secure — Ivanti Pulse Connect Secure Code Execution Vulnerability (CVSS 7.2)
jQuery jQuery — jQuery Cross-Site Scripting (XSS) Vulnerability (CVSS 6.9)
Cisco AnyConnect Secure — Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability (CVSS 6.5)
SaltStack Salt — SaltStack Salt Path Traversal Vulnerability (CVSS 6.5)
Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance — Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability (CVSS 6.5)
Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance — Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability (CVSS 6.5)
Roundcube Webmail — Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability (CVSS 6.1)
Roundcube Roundcube Webmail — Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability (CVSS 6.1)
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) — Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability (CVSS 6.1)
Apple iOS, iPadOS, and macOS — Apple iOS, iPadOS, and macOS Input Validation Vulnerability (CVSS 5.5)
Microsoft Netlogon 'ZeroLogon' — AES-CFB8 Zero-IV Authentication Bypass Allows Instant Domain Controller Takeover (CVSS 5.5)
Apple Multiple Products — Apple Multiple Products Memory Initialization Vulnerability (CVSS 5.5)
Treck TCP/IP stack IPv6 — Treck TCP/IP stack Out-of-Bounds Read Vulnerability (CVSS 5.4)
IBM Data Risk Manager — IBM Data Risk Manager Directory Traversal Vulnerability (CVSS 4.3)
Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance — Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability (CVSS 4.3)
Apple iOS, iPadOS, and watchOS — Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability (CVSS 4.3)
Microsoft Edge and Internet Explorer — Microsoft Edge and Internet Explorer Memory Corruption Vulnerability (CVSS 4.2)