Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Mar 3, 2022 | CVE-2017-11826 | Microsoft Office |
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the …
|
— | 91.7% |
| Mar 3, 2022 | CVE-2017-12237 | Cisco IOS and IOS XE Software |
Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, …
|
— | 9.3% |
| Mar 3, 2022 | CVE-2017-8540 | Microsoft Malware Protection Engine |
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows …
|
— | 79.4% |
| Mar 3, 2022 | CVE-2018-0158 | Cisco IOS Software and Cisco IOS XE Software |
Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remo…
|
— | 14.6% |
| Mar 3, 2022 | CVE-2018-0159 | Cisco IOS Software and Cisco IOS XE Software |
Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remo…
|
— | 7.0% |
| Mar 3, 2022 |
CVE-2018-8581
Ransomware |
Microsoft Exchange Server |
Microsoft Exchange Server Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of …
|
— | 91.8% |
| Mar 3, 2022 | CVE-2019-1297 | Microsoft Excel |
Microsoft Excel Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.
|
— | 40.7% |
| Mar 3, 2022 |
CVE-2021-41379
Ransomware |
Microsoft Windows |
Microsoft Windows Installer Privilege Escalation Vulnerability
Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.
|
— | 1.0% |
| Feb 25, 2022 | CVE-2014-6352 | Microsoft Windows |
Microsoft Windows Code Injection Vulnerability
Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object.
|
— | 90.7% |
| Feb 25, 2022 | CVE-2017-0222 | Microsoft Internet Explorer |
Microsoft Internet Explorer Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
|
— | 65.3% |
| Feb 25, 2022 | CVE-2017-8570 | Microsoft Office |
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.
|
— | 94.2% |
| Feb 15, 2022 | CVE-2013-3906 | Microsoft Graphics Component |
Microsoft Graphics Component Memory Corruption Vulnerability
Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution.
|
— | 92.4% |
| Feb 15, 2022 | CVE-2014-1761 | Microsoft Word |
Microsoft Word Memory Corruption Vulnerability
Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution.
|
— | 93.3% |
| Feb 15, 2022 |
CVE-2018-8174
Ransomware |
Microsoft Windows |
Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"
|
— | 94.3% |
| Feb 15, 2022 |
CVE-2019-0752
Ransomware |
Microsoft Internet Explorer |
Microsoft Internet Explorer Type Confusion Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer
|
— | 91.5% |
| Feb 10, 2022 | CVE-2015-1635 | Microsoft HTTP.sys |
Microsoft HTTP.sys Remote Code Execution Vulnerability
Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.
|
— | 94.3% |
| Feb 10, 2022 |
CVE-2017-0144
Ransomware |
Microsoft SMBv1 |
Microsoft SMBv1 Remote Code Execution Vulnerability
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
|
— | 94.3% |
| Feb 10, 2022 |
CVE-2017-0145
Ransomware |
Microsoft SMBv1 |
Microsoft SMBv1 Remote Code Execution Vulnerability
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
|
— | 93.3% |
| Feb 10, 2022 | CVE-2017-0262 | Microsoft Office |
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office.
|
— | 65.0% |
| Feb 10, 2022 | CVE-2017-0263 | Microsoft Win32k |
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory.
|
— | 20.8% |
| Feb 10, 2022 | CVE-2017-8464 | Microsoft Windows |
Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file
|
— | 93.9% |
| Feb 10, 2022 |
CVE-2020-0796
Ransomware |
Microsoft SMBv3 |
Microsoft SMBv3 Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully explo…
|
— | 94.4% |
| Feb 10, 2022 | CVE-2021-36934 | Microsoft Windows |
Microsoft Windows SAM Local Privilege Escalation Vulnerability
If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level.
|
— | 90.4% |
| Feb 4, 2022 | CVE-2022-21882 | Microsoft Win32k |
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
|
— | 89.1% |
| Jan 28, 2022 | CVE-2014-1776 | Microsoft Internet Explorer |
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user.
|
— | 84.0% |
| Jan 28, 2022 |
CVE-2020-0787
Ransomware |
Microsoft Windows |
Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability
Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrar…
|
— | 59.3% |
| Jan 21, 2022 |
CVE-2018-8453
Ransomware |
Microsoft Win32k |
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges.
|
— | 81.3% |
| Jan 18, 2022 | CVE-2021-33766 | Microsoft Exchange Server |
Microsoft Exchange Server Information Disclosure
Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.
|
— | 93.8% |
| Jan 10, 2022 | CVE-2013-3900 | Microsoft WinVerifyTrust function |
Microsoft WinVerifyTrust function Remote Code Execution
A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.
|
— | 75.8% |
| Jan 10, 2022 |
CVE-2019-1458
Ransomware |
Microsoft Win32k |
Microsoft Win32k Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.
|
— | 92.2% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.