Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 361–390 of 667 CVEs · Page 13 of 23 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
May 4, 2022 CVE-2014-4113 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
78.5%
May 4, 2022 CVE-2019-8506 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Type Confusion Vulnerability
A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.
8.0%
May 4, 2022 CVE-2021-1789 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Type Confusion Vulnerability
A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.
0.2%
Apr 25, 2022 CVE-2021-40450 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
4.1%
Apr 25, 2022 CVE-2021-41357 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
4.0%
Apr 25, 2022 CVE-2022-21919 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows User Profile Service Privilege Escalation Vulnerability
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
0.3%
Apr 25, 2022 CVE-2022-26904 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows User Profile Service Privilege Escalation Vulnerability
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
23.0%
Apr 19, 2022 CVE-2022-22718 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.
7.7%
Apr 15, 2022 CVE-2022-1364 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
17.5%
Apr 13, 2022 CVE-2014-9163 Adobe Flash Player
smb essential
Adobe Flash Player Stack-Based Buffer Overflow Vulnerability
Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.
3.2%
Apr 13, 2022 CVE-2015-0311 Adobe Flash Player
smb essential
Adobe Flash Player Remote Code Execution Vulnerability
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.
92.6%
Apr 13, 2022 CVE-2015-0313 Adobe Flash Player
smb essential
Adobe Flash Player Use-After-Free Vulnerability
Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
92.5%
Apr 13, 2022 CVE-2015-2502 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
21.7%
Apr 13, 2022 CVE-2015-3113 Adobe Flash Player
smb essential
Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.
92.4%
Apr 13, 2022 CVE-2015-5122 Adobe Flash Player
smb essential
Adobe Flash Player Use-After-Free Vulnerability
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-…
92.7%
Apr 13, 2022 CVE-2015-5123 Adobe Flash Player
smb essential
Adobe Flash Player Use-After-Free Vulnerability
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-…
41.0%
Apr 13, 2022 CVE-2018-20753
Ransomware
Kaseya Virtual System/Server Administrator (VSA)
enterprise smb essential
Kaseya VSA Remote Code Execution Vulnerability
Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices.
47.9%
Apr 13, 2022 CVE-2022-24521
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows CLFS Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
7.5%
Apr 11, 2022 CVE-2021-39793 Google Pixel
browser smb essential
Google Pixel Out-of-Bounds Write Vulnerability
Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.
0.1%
Apr 11, 2022 CVE-2021-42278
Ransomware
Microsoft Active Directory
endpoint identity m365 smb essential
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
94.1%
Apr 11, 2022 CVE-2021-42287
Ransomware
Microsoft Active Directory
endpoint identity m365 smb essential
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
94.0%
Apr 6, 2022 CVE-2017-0148
Ransomware
Microsoft SMBv1 server
endpoint m365 smb essential
Microsoft SMBv1 Server Remote Code Execution Vulnerability
The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.
94.1%
Apr 6, 2022 CVE-2021-31166 Microsoft HTTP Protocol Stack
endpoint m365 smb essential
Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
93.1%
Apr 4, 2022 CVE-2022-22674 Apple macOS
endpoint mobile smb essential
Apple macOS Out-of-Bounds Read Vulnerability
macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.
0.2%
Apr 4, 2022 CVE-2022-22675 Apple macOS
endpoint mobile smb essential
Apple macOS Out-of-Bounds Write Vulnerability
macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.
1.4%
Mar 31, 2022 CVE-2021-34484 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows User Profile Service Privilege Escalation Vulnerability
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
2.8%
Mar 28, 2022 CVE-2010-4398 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (U…
7.7%
Mar 28, 2022 CVE-2011-2005 Microsoft Ancillary Function Driver (afd.sys)
endpoint m365 smb essential
Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability
afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a c…
67.1%
Mar 28, 2022 CVE-2012-2034 Adobe Flash Player
smb essential
Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).
10.3%
Mar 28, 2022 CVE-2012-2539 Microsoft Word
endpoint m365 smb essential
Microsoft Word Remote Code Execution Vulnerability
Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.
84.4%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.