| CVE ID | Title | Severity | | | References | |
|---|---|---|---|---|---|---|
| | Microsoft Exchange Server Elevation of Privilege Vulnerability | HIGH | 8.8v3.1 | 9.40 | KEV | 2022. 10. 03. |
| CVE-2020-0688 | A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | HIGH | 8.8v3.1 | 9.40 | KEV KISA | 2020. 02. 11. |
| CVE-2017-9822 | DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites." | HIGH | 8.8v3.1 | 9.40 | KEV | 2017. 07. 20. |
| CVE-2017-6884 | A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI. | HIGH | 8.8v3.1 | 9.40 | KEV | 2017. 04. 06. |
| CVE-2017-0146 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148. | HIGH | 8.8v3.1 | 9.40 | KEV | 2017. 03. 17. |
| CVE-2017-0145 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148. | HIGH | 8.8v3.1 | 9.40 | KEV | 2017. 03. 17. |
| CVE-2017-0144 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. | HIGH | 8.8v3.1 | 9.40 | KEV | 2017. 03. 17. |
| CVE-2017-0143 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. | HIGH | 8.8v3.1 | 9.40 | KEV KISA | 2017. 03. 17. |
| CVE-2019-11043 | In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. | HIGH | 8.7v3.1 | 9.35 | KEV | 2019. 10. 28. |
| CVE-2024-1708 | ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. | HIGH | 8.4v3.1 | 9.20 | KEV | 2024. 02. 21. |
| CVE-2019-1579 | Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. | HIGH | 8.1v3.1 | 9.05 | KEV KISA | 2019. 07. 19. |
| CVE-2017-12615 | When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | HIGH | 8.1v3.1 | 9.05 | KEV KISA | 2017. 09. 19. |
| CVE-2017-0148 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146. | HIGH | 8.1v3.1 | 9.05 | KEV | 2017. 03. 17. |
| CVE-2022-41082 | Microsoft Exchange Server Remote Code Execution Vulnerability | HIGH | 8.0v3.1 | 9.00 | KEV | 2022. 10. 03. |
| CVE-2026-2441 | Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | HIGH | 8.8v3.1 | 8.90 | KEV KISA | 2026. 02. 13. |
| CVE-2023-43000 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption. | HIGH | 8.8v3.1 | 8.90 | KEV | 2025. 11. 05. |
| CVE-2025-33053 | External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. | HIGH | 8.8v3.1 | 8.90 | KEV KISA | 2025. 06. 10. |
| CVE-2023-49897 | An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product. | HIGH | 8.8v3.1 | 8.90 | KEV | 2023. 12. 06. |
| CVE-2023-46748 | An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | HIGH | 8.8v3.1 | 8.90 | KEV | 2023. 10. 26. |
| CVE-2023-39780 | On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see CVE-2023-41346; for the similar "check token module" issue, see CVE-2023-41347; and for the similar "code-authentication module" issue, see CVE-2023-41348. | HIGH | 8.8v3.1 | 8.90 | KEV | 2023. 09. 11. |