Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 271–300 of 667 CVEs · Page 10 of 23 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Jun 27, 2022 CVE-2020-3837 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
6.4%
Jun 27, 2022 CVE-2020-9907 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
0.5%
Jun 27, 2022 CVE-2021-30533 Google Chromium PopupBlocker
browser smb essential
Google Chromium PopupBlocker Security Bypass Vulnerability
Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to bypass navigation restrictions via a crafted iframe. This v…
16.7%
Jun 27, 2022 CVE-2021-30983 Apple iOS and iPadOS
endpoint mobile smb essential
Apple iOS and iPadOS Buffer Overflow Vulnerability
Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges.
0.5%
Jun 14, 2022 CVE-2022-30190
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnera…
93.6%
Jun 8, 2022 CVE-2006-2492 Microsoft Word
endpoint m365 smb essential
Microsoft Word Malformed Object Pointer Vulnerability
Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
79.1%
Jun 8, 2022 CVE-2007-5659 Adobe Acrobat and Reader
smb essential
Adobe Acrobat and Reader Buffer Overflow Vulnerability
Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.
92.9%
Jun 8, 2022 CVE-2008-0655 Adobe Acrobat and Reader
smb essential
Adobe Acrobat and Reader Unspecified Vulnerability
Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of…
67.3%
Jun 8, 2022 CVE-2009-0557 Microsoft Office
endpoint m365 smb essential
Microsoft Office Object Record Corruption Vulnerability
Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.
86.4%
Jun 8, 2022 CVE-2009-0563 Microsoft Office
endpoint m365 smb essential
Microsoft Office Buffer Overflow Vulnerability
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.
79.9%
Jun 8, 2022 CVE-2009-1862 Adobe Acrobat and Reader, Flash Player
smb essential
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).
58.6%
Jun 8, 2022 CVE-2009-3953 Adobe Acrobat and Reader
smb essential
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability
Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.
90.5%
Jun 8, 2022 CVE-2009-4324 Adobe Acrobat and Reader
smb essential
Adobe Acrobat and Reader Use-After-Free Vulnerability
Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
92.9%
Jun 8, 2022 CVE-2010-1297 Adobe Flash Player
smb essential
Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
92.8%
Jun 8, 2022 CVE-2010-2572 Microsoft PowerPoint
endpoint m365 smb essential
Microsoft PowerPoint Buffer Overflow Vulnerability
Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.
74.7%
Jun 8, 2022 CVE-2010-2883 Adobe Acrobat and Reader
smb essential
Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability
Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
92.8%
Jun 8, 2022 CVE-2011-0609 Adobe Flash Player
smb essential
Adobe Flash Player Unspecified Vulnerability
Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
92.1%
Jun 8, 2022 CVE-2011-2462 Adobe Reader and Acrobat
smb essential
Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability
The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-servi…
91.6%
Jun 8, 2022 CVE-2012-0151 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability
The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allow…
89.0%
Jun 8, 2022 CVE-2012-0754 Adobe Flash Player
smb essential
Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
91.5%
Jun 8, 2022 CVE-2012-0767 Adobe Flash Player
smb essential
Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability
Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.
14.9%
Jun 8, 2022 CVE-2012-1889 Microsoft XML Core Services
endpoint m365 smb essential
Microsoft XML Core Services Memory Corruption Vulnerability
Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.
93.1%
Jun 8, 2022 CVE-2012-4969 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.
91.8%
Jun 8, 2022 CVE-2012-5054 Adobe Flash Player
smb essential
Adobe Flash Player Integer Overflow Vulnerability
Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.
71.5%
Jun 8, 2022 CVE-2013-1331 Microsoft Office
endpoint m365 smb essential
Microsoft Office Buffer Overflow Vulnerability
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document.
88.9%
Jun 8, 2022 CVE-2016-1646 Google Chromium V8
browser smb essential
Google Chromium V8 Out-of-Bounds Read Vulnerability
Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via c…
66.9%
Jun 8, 2022 CVE-2016-5198 Google Chromium V8
browser smb essential
Google Chromium V8 Out-of-Bounds Memory Vulnerability
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a cr…
78.7%
Jun 8, 2022 CVE-2017-5030 Google Chromium V8
browser smb essential
Google Chromium V8 Memory Corruption Vulnerability
Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multipl…
50.3%
Jun 8, 2022 CVE-2017-5070 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could …
74.4%
Jun 8, 2022 CVE-2018-17463 Google Chromium V8
browser smb essential
Google Chromium V8 Remote Code Execution Vulnerability
Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could af…
92.2%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.