Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 271–300 of 383 CVEs · Page 10 of 13 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Mar 3, 2022 CVE-2017-11826 Microsoft Office
endpoint m365 smb essential
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the …
91.7%
Mar 3, 2022 CVE-2017-12237 Cisco IOS and IOS XE Software
m365 mobile network
Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, …
9.3%
Mar 3, 2022 CVE-2017-8540 Microsoft Malware Protection Engine
endpoint m365 smb essential
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows …
79.4%
Mar 3, 2022 CVE-2018-0158 Cisco IOS Software and Cisco IOS XE Software
m365 mobile network
Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remo…
14.6%
Mar 3, 2022 CVE-2018-0159 Cisco IOS Software and Cisco IOS XE Software
m365 mobile network
Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remo…
7.0%
Mar 3, 2022 CVE-2018-8581
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of …
91.8%
Mar 3, 2022 CVE-2019-1297 Microsoft Excel
endpoint m365 smb essential
Microsoft Excel Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.
40.7%
Mar 3, 2022 CVE-2021-41379
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Installer Privilege Escalation Vulnerability
Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.
1.0%
Feb 25, 2022 CVE-2014-6352 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Code Injection Vulnerability
Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object.
90.7%
Feb 25, 2022 CVE-2017-0222 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
65.3%
Feb 25, 2022 CVE-2017-8570 Microsoft Office
endpoint m365 smb essential
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.
94.2%
Feb 15, 2022 CVE-2013-3906 Microsoft Graphics Component
endpoint m365 smb essential
Microsoft Graphics Component Memory Corruption Vulnerability
Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution.
92.4%
Feb 15, 2022 CVE-2014-1761 Microsoft Word
endpoint m365 smb essential
Microsoft Word Memory Corruption Vulnerability
Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution.
93.3%
Feb 15, 2022 CVE-2018-8174
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"
94.3%
Feb 15, 2022 CVE-2019-0752
Ransomware
Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Type Confusion Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer
91.5%
Feb 10, 2022 CVE-2015-1635 Microsoft HTTP.sys
endpoint m365 smb essential
Microsoft HTTP.sys Remote Code Execution Vulnerability
Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.
94.3%
Feb 10, 2022 CVE-2017-0144
Ransomware
Microsoft SMBv1
endpoint m365 smb essential
Microsoft SMBv1 Remote Code Execution Vulnerability
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
94.3%
Feb 10, 2022 CVE-2017-0145
Ransomware
Microsoft SMBv1
endpoint m365 smb essential
Microsoft SMBv1 Remote Code Execution Vulnerability
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
93.3%
Feb 10, 2022 CVE-2017-0262 Microsoft Office
endpoint m365 smb essential
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office.
65.0%
Feb 10, 2022 CVE-2017-0263 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory.
20.8%
Feb 10, 2022 CVE-2017-8464 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file
93.9%
Feb 10, 2022 CVE-2020-0796
Ransomware
Microsoft SMBv3
endpoint m365 smb essential
Microsoft SMBv3 Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully explo…
94.4%
Feb 10, 2022 CVE-2021-36934 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SAM Local Privilege Escalation Vulnerability
If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level.
90.4%
Feb 4, 2022 CVE-2022-21882 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
89.1%
Jan 28, 2022 CVE-2014-1776 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user.
84.0%
Jan 28, 2022 CVE-2020-0787
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability
Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrar…
59.3%
Jan 21, 2022 CVE-2018-8453
Ransomware
Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges.
81.3%
Jan 18, 2022 CVE-2021-33766 Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Information Disclosure
Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.
93.8%
Jan 10, 2022 CVE-2013-3900 Microsoft WinVerifyTrust function
endpoint m365 smb essential
Microsoft WinVerifyTrust function Remote Code Execution
A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.
75.8%
Jan 10, 2022 CVE-2019-1458
Ransomware
Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.
92.2%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.