Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 391–420 of 531 CVEs · Page 14 of 18 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Feb 10, 2022 CVE-2017-0144
Ransomware
Microsoft SMBv1
endpoint m365 smb essential
Microsoft SMBv1 Remote Code Execution Vulnerability
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
94.3%
Feb 10, 2022 CVE-2017-0145
Ransomware
Microsoft SMBv1
endpoint m365 smb essential
Microsoft SMBv1 Remote Code Execution Vulnerability
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
93.3%
Feb 10, 2022 CVE-2017-0262 Microsoft Office
endpoint m365 smb essential
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office.
65.0%
Feb 10, 2022 CVE-2017-0263 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory.
20.8%
Feb 10, 2022 CVE-2017-8464 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file
93.9%
Feb 10, 2022 CVE-2020-0796
Ransomware
Microsoft SMBv3
endpoint m365 smb essential
Microsoft SMBv3 Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully explo…
94.4%
Feb 10, 2022 CVE-2021-36934 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SAM Local Privilege Escalation Vulnerability
If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level.
90.4%
Feb 4, 2022 CVE-2022-21882 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
89.1%
Jan 28, 2022 CVE-2014-1776 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user.
84.0%
Jan 28, 2022 CVE-2020-0787
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability
Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrar…
59.3%
Jan 28, 2022 CVE-2022-22587 Apple iOS and macOS
endpoint mobile smb essential
Apple Memory Corruption Vulnerability
Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges.
0.4%
Jan 21, 2022 CVE-2018-8453
Ransomware
Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges.
81.3%
Jan 18, 2022 CVE-2021-33766 Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Information Disclosure
Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.
93.8%
Jan 10, 2022 CVE-2013-3900 Microsoft WinVerifyTrust function
endpoint m365 smb essential
Microsoft WinVerifyTrust function Remote Code Execution
A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.
75.8%
Jan 10, 2022 CVE-2019-1458
Ransomware
Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.
92.2%
Dec 15, 2021 CVE-2021-43890
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows AppX Installer Spoofing Vulnerability
Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.
25.2%
Nov 17, 2021 CVE-2021-40449
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Win32k Privilege Escalation Vulnerability
Unspecified vulnerability allows for an authenticated user to escalate privileges.
91.5%
Nov 17, 2021 CVE-2021-42292 Microsoft Office
endpoint m365 smb essential
Microsoft Excel Security Feature Bypass
A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.
35.5%
Nov 17, 2021 CVE-2021-42321
Ransomware
Microsoft Exchange
endpoint m365 smb essential
Microsoft Exchange Server Remote Code Execution Vulnerability
An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
93.6%
Nov 3, 2021 CVE-2012-0158 Microsoft MSCOMCTL.OCX
endpoint m365 smb essential
Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability
Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the c…
94.3%
Nov 3, 2021 CVE-2014-1812
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability
Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An aut…
74.6%
Nov 3, 2021 CVE-2015-1641 Microsoft Office
endpoint m365 smb essential
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code exec…
93.7%
Nov 3, 2021 CVE-2016-0167
Ransomware
Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application
10.0%
Nov 3, 2021 CVE-2016-0185 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Media Center Remote Code Execution Vulnerability
Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references mal…
80.2%
Nov 3, 2021 CVE-2016-3235 Microsoft Office
endpoint m365 smb essential
Microsoft Office OLE DLL Side Loading Vulnerability
Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. …
81.2%
Nov 3, 2021 CVE-2016-7255 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in ker…
89.4%
Nov 3, 2021 CVE-2017-0143
Ransomware
Microsoft Windows
endpoint m365 server os smb essential
Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability
Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution.
94.0%
Nov 3, 2021 CVE-2017-0199
Ransomware
Microsoft Office and WordPad
endpoint m365 smb essential
Microsoft Office and WordPad Remote Code Execution Vulnerability
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code exe…
94.3%
Nov 3, 2021 CVE-2017-11774 Microsoft Office
endpoint m365 smb essential
Microsoft Office Outlook Security Feature Bypass Vulnerability
Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute comma…
85.6%
Nov 3, 2021 CVE-2017-11882
Ransomware
Microsoft Office
endpoint m365 smb essential
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
94.4%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.