Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 271–300 of 531 CVEs · Page 10 of 18 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
May 24, 2022 CVE-2017-0005 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability
The Graphics Device Interface (GDI) in Microsoft Windows allows local users to gain privileges via a crafted application.
12.9%
May 24, 2022 CVE-2017-0022 Microsoft XML Core Services
endpoint m365 smb essential
Microsoft XML Core Services Information Disclosure Vulnerability
Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site.
36.7%
May 24, 2022 CVE-2017-0147
Ransomware
Microsoft SMBv1 server
endpoint m365 smb essential
Microsoft Windows SMBv1 Information Disclosure Vulnerability
The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet.
92.8%
May 24, 2022 CVE-2017-0149 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website.
34.0%
May 24, 2022 CVE-2017-0210 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information.
43.0%
May 24, 2022 CVE-2017-8543 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Search Remote Code Execution Vulnerability
Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory.
85.1%
May 24, 2022 CVE-2018-8611 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory.
16.4%
May 23, 2022 CVE-2018-8589 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in…
50.4%
May 23, 2022 CVE-2019-0676 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Information Disclosure Vulnerability
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test fo…
23.8%
May 23, 2022 CVE-2019-0703 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SMB Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to information disclosure from the server.
19.2%
May 23, 2022 CVE-2019-0880 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on…
4.1%
May 23, 2022 CVE-2019-1130
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links.
1.9%
May 23, 2022 CVE-2019-1385
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.
0.5%
May 23, 2022 CVE-2019-7286 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation.
1.6%
May 23, 2022 CVE-2019-7287 Apple iOS
endpoint mobile smb essential
Apple iOS Memory Corruption Vulnerability
Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution.
4.9%
May 23, 2022 CVE-2020-0638
Ransomware
Microsoft Update Notification Manager
endpoint m365 smb essential
Microsoft Update Notification Manager Privilege Escalation Vulnerability
Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation.
1.5%
May 23, 2022 CVE-2020-1027 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Privilege Escalation Vulnerability
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute…
11.9%
May 23, 2022 CVE-2021-30883 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution.
0.4%
May 4, 2022 CVE-2014-0322 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Use-After-Free Vulnerability
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.
93.0%
May 4, 2022 CVE-2014-4113 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
78.5%
May 4, 2022 CVE-2019-8506 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Type Confusion Vulnerability
A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.
8.0%
May 4, 2022 CVE-2021-1789 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Type Confusion Vulnerability
A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.
0.2%
Apr 25, 2022 CVE-2021-40450 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
4.1%
Apr 25, 2022 CVE-2021-41357 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
4.0%
Apr 25, 2022 CVE-2022-21919 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows User Profile Service Privilege Escalation Vulnerability
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
0.3%
Apr 25, 2022 CVE-2022-26904 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows User Profile Service Privilege Escalation Vulnerability
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
23.0%
Apr 19, 2022 CVE-2022-22718 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.
7.7%
Apr 13, 2022 CVE-2015-2502 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
21.7%
Apr 13, 2022 CVE-2022-24521
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows CLFS Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
7.5%
Apr 11, 2022 CVE-2021-42278
Ransomware
Microsoft Active Directory
endpoint identity m365 smb essential
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
94.1%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.