Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| May 4, 2022 | CVE-2014-4113 | Microsoft Win32k |
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
|
— | 78.5% |
| May 4, 2022 | CVE-2019-8506 | Apple Multiple Products |
Apple Multiple Products Type Confusion Vulnerability
A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.
|
— | 8.0% |
| May 4, 2022 | CVE-2021-1789 | Apple Multiple Products |
Apple Multiple Products Type Confusion Vulnerability
A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.
|
— | 0.2% |
| Apr 25, 2022 | CVE-2021-40450 | Microsoft Win32k |
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
|
— | 4.1% |
| Apr 25, 2022 | CVE-2021-41357 | Microsoft Win32k |
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
|
— | 4.0% |
| Apr 25, 2022 | CVE-2022-21919 | Microsoft Windows |
Microsoft Windows User Profile Service Privilege Escalation Vulnerability
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
|
— | 0.3% |
| Apr 25, 2022 | CVE-2022-26904 | Microsoft Windows |
Microsoft Windows User Profile Service Privilege Escalation Vulnerability
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
|
— | 23.0% |
| Apr 19, 2022 | CVE-2022-22718 | Microsoft Windows |
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.
|
— | 7.7% |
| Apr 15, 2022 | CVE-2022-1364 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
|
— | 17.5% |
| Apr 13, 2022 | CVE-2014-9163 | Adobe Flash Player |
Adobe Flash Player Stack-Based Buffer Overflow Vulnerability
Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.
|
— | 3.2% |
| Apr 13, 2022 | CVE-2015-0311 | Adobe Flash Player |
Adobe Flash Player Remote Code Execution Vulnerability
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.
|
— | 92.6% |
| Apr 13, 2022 | CVE-2015-0313 | Adobe Flash Player |
Adobe Flash Player Use-After-Free Vulnerability
Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
|
— | 92.5% |
| Apr 13, 2022 | CVE-2015-2502 | Microsoft Internet Explorer |
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
|
— | 21.7% |
| Apr 13, 2022 | CVE-2015-3113 | Adobe Flash Player |
Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.
|
— | 92.4% |
| Apr 13, 2022 | CVE-2015-5122 | Adobe Flash Player |
Adobe Flash Player Use-After-Free Vulnerability
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-…
|
— | 92.7% |
| Apr 13, 2022 | CVE-2015-5123 | Adobe Flash Player |
Adobe Flash Player Use-After-Free Vulnerability
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-…
|
— | 41.0% |
| Apr 13, 2022 |
CVE-2018-20753
Ransomware |
Kaseya Virtual System/Server Administrator (VSA) |
Kaseya VSA Remote Code Execution Vulnerability
Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices.
|
— | 47.9% |
| Apr 13, 2022 |
CVE-2022-24521
Ransomware |
Microsoft Windows |
Microsoft Windows CLFS Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
|
— | 7.5% |
| Apr 11, 2022 | CVE-2021-39793 | Google Pixel |
Google Pixel Out-of-Bounds Write Vulnerability
Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.
|
— | 0.1% |
| Apr 11, 2022 |
CVE-2021-42278
Ransomware |
Microsoft Active Directory |
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
|
— | 94.1% |
| Apr 11, 2022 |
CVE-2021-42287
Ransomware |
Microsoft Active Directory |
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
|
— | 94.0% |
| Apr 6, 2022 |
CVE-2017-0148
Ransomware |
Microsoft SMBv1 server |
Microsoft SMBv1 Server Remote Code Execution Vulnerability
The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.
|
— | 94.1% |
| Apr 6, 2022 | CVE-2021-31166 | Microsoft HTTP Protocol Stack |
Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
|
— | 93.1% |
| Apr 4, 2022 | CVE-2022-22674 | Apple macOS |
Apple macOS Out-of-Bounds Read Vulnerability
macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.
|
— | 0.2% |
| Apr 4, 2022 | CVE-2022-22675 | Apple macOS |
Apple macOS Out-of-Bounds Write Vulnerability
macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.
|
— | 1.4% |
| Mar 31, 2022 | CVE-2021-34484 | Microsoft Windows |
Microsoft Windows User Profile Service Privilege Escalation Vulnerability
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
|
— | 2.8% |
| Mar 28, 2022 | CVE-2010-4398 | Microsoft Windows |
Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (U…
|
— | 7.7% |
| Mar 28, 2022 | CVE-2011-2005 | Microsoft Ancillary Function Driver (afd.sys) |
Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability
afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a c…
|
— | 67.1% |
| Mar 28, 2022 | CVE-2012-2034 | Adobe Flash Player |
Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).
|
— | 10.3% |
| Mar 28, 2022 | CVE-2012-2539 | Microsoft Word |
Microsoft Word Remote Code Execution Vulnerability
Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.
|
— | 84.4% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.