Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 331–360 of 531 CVEs · Page 12 of 18 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Mar 25, 2022 CVE-2014-6332 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability
OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.
94.1%
Mar 25, 2022 CVE-2017-0146
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SMB Remote Code Execution Vulnerability
The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.
93.3%
Mar 25, 2022 CVE-2017-12615
Ransomware
Apache Tomcat
endpoint smb essential web server
Apache Tomcat on Windows Remote Code Execution Vulnerability
When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested a…
94.2%
Mar 25, 2022 CVE-2018-8373 Microsoft Internet Explorer Scripting Engine
endpoint m365 smb essential
Microsoft Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
82.5%
Mar 25, 2022 CVE-2018-8414 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Shell Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.
89.2%
Mar 25, 2022 CVE-2019-0903 Microsoft Graphics Device Interface (GDI)
endpoint m365 smb essential
Microsoft GDI Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this…
34.4%
Mar 25, 2022 CVE-2020-25223 Sophos SG UTM
endpoint network
Sophos SG UTM Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.
94.3%
Mar 25, 2022 CVE-2022-21999
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.
73.2%
Mar 15, 2022 CVE-2015-2546
Ransomware
Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Memory Corruption Vulnerability
The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.
40.6%
Mar 15, 2022 CVE-2016-3309
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run…
43.2%
Mar 15, 2022 CVE-2017-0101
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Transaction Manager Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.
72.3%
Mar 15, 2022 CVE-2018-8120
Ransomware
Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
94.1%
Mar 15, 2022 CVE-2019-0543
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes …
42.7%
Mar 15, 2022 CVE-2019-0841
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an…
82.7%
Mar 15, 2022 CVE-2019-1064
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an…
11.8%
Mar 15, 2022 CVE-2019-1069
Ransomware
Microsoft Task Scheduler
endpoint m365 smb essential
Microsoft Task Scheduler Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.
32.5%
Mar 15, 2022 CVE-2019-1129
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an…
2.1%
Mar 15, 2022 CVE-2019-1132 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
36.5%
Mar 15, 2022 CVE-2019-1253
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.
27.7%
Mar 15, 2022 CVE-2019-1315
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could ove…
7.6%
Mar 15, 2022 CVE-2019-1322
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes …
36.5%
Mar 15, 2022 CVE-2019-1405
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.
53.9%
Mar 3, 2022 CVE-2002-0367 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM …
1.2%
Mar 3, 2022 CVE-2004-0210 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system.
6.8%
Mar 3, 2022 CVE-2009-1123 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Improper Input Validation Vulnerability
The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application.
5.2%
Mar 3, 2022 CVE-2009-3129 Microsoft Excel
endpoint m365 smb essential
Microsoft Excel Featheader Record Memory Corruption Vulnerability
Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a poi…
91.2%
Mar 3, 2022 CVE-2010-0232 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Exception Handler Vulnerability
The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to…
75.2%
Mar 3, 2022 CVE-2010-3333 Microsoft Office
endpoint m365 smb essential
Microsoft Office Stack-based Buffer Overflow Vulnerability
A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.
93.8%
Mar 3, 2022 CVE-2011-1889 Microsoft Forefront Threat Management Gateway (TMG)
endpoint m365 smb essential
Microsoft Forefront TMG Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security cont…
88.1%
Mar 3, 2022 CVE-2012-1856 Microsoft Office
endpoint m365 smb essential
Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web pag…
91.6%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.