Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 301–330 of 383 CVEs · Page 11 of 13 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Dec 15, 2021 CVE-2021-43890
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows AppX Installer Spoofing Vulnerability
Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.
25.2%
Nov 17, 2021 CVE-2021-40449
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Win32k Privilege Escalation Vulnerability
Unspecified vulnerability allows for an authenticated user to escalate privileges.
91.5%
Nov 17, 2021 CVE-2021-42292 Microsoft Office
endpoint m365 smb essential
Microsoft Excel Security Feature Bypass
A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.
35.5%
Nov 17, 2021 CVE-2021-42321
Ransomware
Microsoft Exchange
endpoint m365 smb essential
Microsoft Exchange Server Remote Code Execution Vulnerability
An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
93.6%
Nov 3, 2021 CVE-2012-0158 Microsoft MSCOMCTL.OCX
endpoint m365 smb essential
Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability
Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the c…
94.3%
Nov 3, 2021 CVE-2014-1812
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability
Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An aut…
74.6%
Nov 3, 2021 CVE-2015-1641 Microsoft Office
endpoint m365 smb essential
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code exec…
93.7%
Nov 3, 2021 CVE-2016-0167
Ransomware
Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application
10.0%
Nov 3, 2021 CVE-2016-0185 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Media Center Remote Code Execution Vulnerability
Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references mal…
80.2%
Nov 3, 2021 CVE-2016-3235 Microsoft Office
endpoint m365 smb essential
Microsoft Office OLE DLL Side Loading Vulnerability
Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. …
81.2%
Nov 3, 2021 CVE-2016-7255 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in ker…
89.4%
Nov 3, 2021 CVE-2017-0143
Ransomware
Microsoft Windows
endpoint m365 server os smb essential
Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability
Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution.
94.0%
Nov 3, 2021 CVE-2017-0199
Ransomware
Microsoft Office and WordPad
endpoint m365 smb essential
Microsoft Office and WordPad Remote Code Execution Vulnerability
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code exe…
94.3%
Nov 3, 2021 CVE-2017-11774 Microsoft Office
endpoint m365 smb essential
Microsoft Office Outlook Security Feature Bypass Vulnerability
Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute comma…
85.6%
Nov 3, 2021 CVE-2017-11882
Ransomware
Microsoft Office
endpoint m365 smb essential
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
94.4%
Nov 3, 2021 CVE-2017-7269 Microsoft Internet Information Services (IIS)
endpoint m365 server os smb essential web server
Microsoft Windows Server Buffer Overflow Vulnerability
Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long heade…
94.4%
Nov 3, 2021 CVE-2017-8759 Microsoft .NET Framework
endpoint m365 smb essential
Microsoft .NET Framework Remote Code Execution Vulnerability
Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.
94.0%
Nov 3, 2021 CVE-2018-0798 Microsoft Office
endpoint m365 smb essential
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context o…
94.1%
Nov 3, 2021 CVE-2018-0802 Microsoft Office
endpoint m365 smb essential
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context o…
94.1%
Nov 3, 2021 CVE-2018-8653 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
35.6%
Nov 3, 2021 CVE-2019-0541 Microsoft MSHTML
endpoint m365 smb essential
Microsoft MSHTML Remote Code Execution Vulnerability
Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability.
87.2%
Nov 3, 2021 CVE-2019-0604
Ransomware
Microsoft SharePoint
endpoint m365 smb essential
Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of th…
94.4%
Nov 3, 2021 CVE-2019-0708
Ransomware
Microsoft Remote Desktop Services
endpoint m365 smb essential
Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target syste…
94.5%
Nov 3, 2021 CVE-2019-0797 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to …
4.5%
Nov 3, 2021 CVE-2019-0803 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attac…
88.8%
Nov 3, 2021 CVE-2019-0808 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run…
74.0%
Nov 3, 2021 CVE-2019-0859 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.
10.6%
Nov 3, 2021 CVE-2019-0863 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability
Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode.
6.2%
Nov 3, 2021 CVE-2019-1214 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation.
3.7%
Nov 3, 2021 CVE-2019-1215
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation …
5.2%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.