Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| May 24, 2022 | CVE-2016-3298 | Microsoft Internet Explorer | Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability<br>An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerab… | — | 28.3% |
| May 24, 2022 | CVE-2016-3351<br>Ransomware | Microsoft Internet Explorer and Edge | Microsoft Internet Explorer and Edge Information Disclosure Vulnerability<br>An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker … | — | 45.4% |
| May 24, 2022 | CVE-2016-4655 | Apple iOS | Apple iOS Information Disclosure Vulnerability<br>The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. | — | 82.1% |
| May 24, 2022 | CVE-2016-4656 | Apple iOS | Apple iOS Memory Corruption Vulnerability<br>A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service (DoS) via a crafted application. | — | 65.3% |
| May 24, 2022 | CVE-2016-4657 | Apple iOS | Apple iOS Webkit Memory Corruption Vulnerability<br>Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerabil… | — | 79.4% |
| May 24, 2022 | CVE-2017-0005 | Microsoft Windows | Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability<br>The Graphics Device Interface (GDI) in Microsoft Windows allows local users to gain privileges via a crafted application. | — | 12.9% |
| May 24, 2022 | CVE-2017-0022 | Microsoft XML Core Services | Microsoft XML Core Services Information Disclosure Vulnerability<br>Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site. | — | 36.7% |
| May 24, 2022 | CVE-2017-0147<br>Ransomware | Microsoft SMBv1 server | Microsoft Windows SMBv1 Information Disclosure Vulnerability<br>The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet. | — | 92.8% |
| May 24, 2022 | CVE-2017-0149 | Microsoft Internet Explorer | Microsoft Internet Explorer Memory Corruption Vulnerability<br>Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website. | — | 34.0% |
| May 24, 2022 | CVE-2017-0210 | Microsoft Internet Explorer | Microsoft Internet Explorer Privilege Escalation Vulnerability<br>A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information. | — | 43.0% |
| May 24, 2022 | CVE-2017-18362<br>Ransomware | Kaseya Virtual System/Server Administrator (VSA) | Kaseya VSA SQL Injection Vulnerability<br>ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. | — | 81.1% |
| May 24, 2022 | CVE-2017-8543 | Microsoft Windows | Microsoft Windows Search Remote Code Execution Vulnerability<br>Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory. | — | 85.1% |
| May 24, 2022 | CVE-2018-8611 | Microsoft Windows | Microsoft Windows Kernel Privilege Escalation Vulnerability<br>A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. | — | 16.4% |
| May 23, 2022 | CVE-2018-5002 | Adobe Flash Player | Adobe Flash Player Stack-based Buffer Overflow Vulnerability<br>Adobe Flash Player has a stack-based buffer overflow vulnerability that could lead to remote code execution. | — | 47.1% |
| May 23, 2022 | CVE-2018-8589 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability<br>A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in… | — | 50.4% |
| May 23, 2022 | CVE-2019-0676 | Microsoft Internet Explorer | Microsoft Internet Explorer Information Disclosure Vulnerability<br>An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test fo… | — | 23.8% |
| May 23, 2022 | CVE-2019-0703 | Microsoft Windows | Microsoft Windows SMB Information Disclosure Vulnerability<br>An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to information disclosure from the server. | — | 19.2% |
| May 23, 2022 | CVE-2019-0880 | Microsoft Windows | Microsoft Windows Privilege Escalation Vulnerability<br>A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on… | — | 4.1% |
| May 23, 2022 | CVE-2019-1130<br>Ransomware | Microsoft Windows | Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability<br>A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. | — | 1.9% |
| May 23, 2022 | CVE-2019-11707 | Mozilla Firefox and Thunderbird | Mozilla Firefox and Thunderbird Type Confusion Vulnerability<br>Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable … | — | 84.3% |
| May 23, 2022 | CVE-2019-11708 | Mozilla Firefox and Thunderbird | Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability<br>Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution. | — | 68.8% |
| May 23, 2022 | CVE-2019-13720 | Google Chrome WebAudio | Google Chrome WebAudio Use-After-Free Vulnerability<br>Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. | — | 89.6% |
| May 23, 2022 | CVE-2019-1385<br>Ransomware | Microsoft Windows | Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability<br>A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. | — | 0.5% |
| May 23, 2022 | CVE-2019-5786 | Google Chrome Blink | Google Chrome Blink Use-After-Free Vulnerability<br>Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page. | — | 89.9% |
| May 23, 2022 | CVE-2019-7286 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability<br>Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation. | — | 1.6% |
| May 23, 2022 | CVE-2019-7287 | Apple iOS | Apple iOS Memory Corruption Vulnerability<br>Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution. | — | 4.9% |
| May 23, 2022 | CVE-2020-0638<br>Ransomware | Microsoft Update Notification Manager | Microsoft Update Notification Manager Privilege Escalation Vulnerability<br>Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation. | — | 1.5% |
| May 23, 2022 | CVE-2020-1027 | Microsoft Windows | Microsoft Windows Kernel Privilege Escalation Vulnerability<br>An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute… | — | 11.9% |
| May 23, 2022 | CVE-2021-30883 | Apple Multiple Products | Apple Multiple Products Memory Corruption Vulnerability<br>Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution. | — | 0.4% |
| May 4, 2022 | CVE-2014-0322 | Microsoft Internet Explorer | Microsoft Internet Explorer Use-After-Free Vulnerability<br>Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code. | — | 93.0% |

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.