Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 361–390 of 531 CVEs · Page 13 of 18 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Mar 3, 2022 CVE-2013-1347 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Remote Code Execution Vulnerability
This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.
87.7%
Mar 3, 2022 CVE-2013-3897 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Use-After-Free Vulnerability
A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code.
88.2%
Mar 3, 2022 CVE-2013-5065 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges.
73.0%
Mar 3, 2022 CVE-2014-4114 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability
A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object.
92.5%
Mar 3, 2022 CVE-2015-1642 Microsoft Office
endpoint m365 smb essential
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.
72.9%
Mar 3, 2022 CVE-2015-1701
Ransomware
Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privilege…
90.4%
Mar 3, 2022 CVE-2015-2387 Microsoft ATM Font Driver
endpoint m365 smb essential
Microsoft ATM Font Driver Privilege Escalation Vulnerability
ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.
24.7%
Mar 3, 2022 CVE-2015-2424 Microsoft PowerPoint
endpoint m365 smb essential
Microsoft PowerPoint Memory Corruption Vulnerability
Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.
64.5%
Mar 3, 2022 CVE-2015-2545 Microsoft Office
endpoint m365 smb essential
Microsoft Office Malformed EPS File Vulnerability
Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.
93.2%
Mar 3, 2022 CVE-2016-0099
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who success…
90.4%
Mar 3, 2022 CVE-2016-7193 Microsoft Office
endpoint m365 smb essential
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution.
73.8%
Mar 3, 2022 CVE-2016-7262 Microsoft Excel
endpoint m365 smb essential
Microsoft Office Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary com…
88.2%
Mar 3, 2022 CVE-2017-0001 Microsoft Graphics Device Interface (GDI)
endpoint m365 smb essential
Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1…
47.8%
Mar 3, 2022 CVE-2017-0261 Microsoft Office
endpoint m365 smb essential
Microsoft Office Use-After-Free Vulnerability
Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.
92.3%
Mar 3, 2022 CVE-2017-11826 Microsoft Office
endpoint m365 smb essential
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the …
91.7%
Mar 3, 2022 CVE-2017-8540 Microsoft Malware Protection Engine
endpoint m365 smb essential
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows …
79.4%
Mar 3, 2022 CVE-2018-8581
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of …
91.8%
Mar 3, 2022 CVE-2019-1297 Microsoft Excel
endpoint m365 smb essential
Microsoft Excel Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.
40.7%
Mar 3, 2022 CVE-2021-41379
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Installer Privilege Escalation Vulnerability
Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.
1.0%
Feb 25, 2022 CVE-2014-6352 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Code Injection Vulnerability
Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object.
90.7%
Feb 25, 2022 CVE-2017-0222 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
65.3%
Feb 25, 2022 CVE-2017-8570 Microsoft Office
endpoint m365 smb essential
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.
94.2%
Feb 15, 2022 CVE-2013-3906 Microsoft Graphics Component
endpoint m365 smb essential
Microsoft Graphics Component Memory Corruption Vulnerability
Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution.
92.4%
Feb 15, 2022 CVE-2014-1761 Microsoft Word
endpoint m365 smb essential
Microsoft Word Memory Corruption Vulnerability
Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution.
93.3%
Feb 15, 2022 CVE-2018-8174
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"
94.3%
Feb 15, 2022 CVE-2019-0752
Ransomware
Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Type Confusion Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer
91.5%
Feb 11, 2022 CVE-2022-22620 Apple iOS, iPadOS, and macOS
browser endpoint mobile smb essential
Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could i…
4.0%
Feb 10, 2022 CVE-2014-4404 Apple OS X
endpoint mobile smb essential
Apple OS X Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.
62.0%
Feb 10, 2022 CVE-2015-1130 Apple OS X
endpoint mobile smb essential
Apple OS X Authentication Bypass Vulnerability
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges.
23.4%
Feb 10, 2022 CVE-2015-1635 Microsoft HTTP.sys
endpoint m365 smb essential
Microsoft HTTP.sys Remote Code Execution Vulnerability
Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.
94.3%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.