Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Jun 27, 2022 | CVE-2020-3837 | Apple Multiple Products |
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
|
— | 6.4% |
| Jun 27, 2022 | CVE-2020-9907 | Apple Multiple Products |
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
|
— | 0.5% |
| Jun 27, 2022 | CVE-2021-30533 | Google Chromium PopupBlocker |
Google Chromium PopupBlocker Security Bypass Vulnerability
Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to bypass navigation restrictions via a crafted iframe. This v…
|
— | 16.7% |
| Jun 27, 2022 | CVE-2021-30983 | Apple iOS and iPadOS |
Apple iOS and iPadOS Buffer Overflow Vulnerability
Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges.
|
— | 0.5% |
| Jun 14, 2022 |
CVE-2022-30190
Ransomware |
Microsoft Windows |
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnera…
|
— | 93.6% |
| Jun 8, 2022 | CVE-2006-2492 | Microsoft Word |
Microsoft Word Malformed Object Pointer Vulnerability
Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
|
— | 79.1% |
| Jun 8, 2022 | CVE-2007-5659 | Adobe Acrobat and Reader |
Adobe Acrobat and Reader Buffer Overflow Vulnerability
Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.
|
— | 92.9% |
| Jun 8, 2022 | CVE-2008-0655 | Adobe Acrobat and Reader |
Adobe Acrobat and Reader Unspecified Vulnerability
Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of…
|
— | 67.3% |
| Jun 8, 2022 | CVE-2009-0557 | Microsoft Office |
Microsoft Office Object Record Corruption Vulnerability
Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.
|
— | 86.4% |
| Jun 8, 2022 | CVE-2009-0563 | Microsoft Office |
Microsoft Office Buffer Overflow Vulnerability
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.
|
— | 79.9% |
| Jun 8, 2022 | CVE-2009-1862 | Adobe Acrobat and Reader, Flash Player |
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).
|
— | 58.6% |
| Jun 8, 2022 | CVE-2009-3953 | Adobe Acrobat and Reader |
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability
Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.
|
— | 90.5% |
| Jun 8, 2022 | CVE-2009-4324 | Adobe Acrobat and Reader |
Adobe Acrobat and Reader Use-After-Free Vulnerability
Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
|
— | 92.9% |
| Jun 8, 2022 | CVE-2010-1297 | Adobe Flash Player |
Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
|
— | 92.8% |
| Jun 8, 2022 | CVE-2010-2572 | Microsoft PowerPoint |
Microsoft PowerPoint Buffer Overflow Vulnerability
Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.
|
— | 74.7% |
| Jun 8, 2022 | CVE-2010-2883 | Adobe Acrobat and Reader |
Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability
Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
|
— | 92.8% |
| Jun 8, 2022 | CVE-2011-0609 | Adobe Flash Player |
Adobe Flash Player Unspecified Vulnerability
Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
|
— | 92.1% |
| Jun 8, 2022 | CVE-2011-2462 | Adobe Reader and Acrobat |
Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability
The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-servi…
|
— | 91.6% |
| Jun 8, 2022 | CVE-2012-0151 | Microsoft Windows |
Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability
The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allow…
|
— | 89.0% |
| Jun 8, 2022 | CVE-2012-0754 | Adobe Flash Player |
Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
|
— | 91.5% |
| Jun 8, 2022 | CVE-2012-0767 | Adobe Flash Player |
Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability
Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.
|
— | 14.9% |
| Jun 8, 2022 | CVE-2012-1889 | Microsoft XML Core Services |
Microsoft XML Core Services Memory Corruption Vulnerability
Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.
|
— | 93.1% |
| Jun 8, 2022 | CVE-2012-4969 | Microsoft Internet Explorer |
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.
|
— | 91.8% |
| Jun 8, 2022 | CVE-2012-5054 | Adobe Flash Player |
Adobe Flash Player Integer Overflow Vulnerability
Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.
|
— | 71.5% |
| Jun 8, 2022 | CVE-2013-1331 | Microsoft Office |
Microsoft Office Buffer Overflow Vulnerability
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document.
|
— | 88.9% |
| Jun 8, 2022 | CVE-2016-1646 | Google Chromium V8 |
Google Chromium V8 Out-of-Bounds Read Vulnerability
Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via c…
|
— | 66.9% |
| Jun 8, 2022 | CVE-2016-5198 | Google Chromium V8 |
Google Chromium V8 Out-of-Bounds Memory Vulnerability
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a cr…
|
— | 78.7% |
| Jun 8, 2022 | CVE-2017-5030 | Google Chromium V8 |
Google Chromium V8 Memory Corruption Vulnerability
Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multipl…
|
— | 50.3% |
| Jun 8, 2022 | CVE-2017-5070 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could …
|
— | 74.4% |
| Jun 8, 2022 | CVE-2018-17463 | Google Chromium V8 |
Google Chromium V8 Remote Code Execution Vulnerability
Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could af…
|
— | 92.2% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.