Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Mar 25, 2022 | CVE-2018-6961 | VMware SD-WAN Edge |
VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code executi…
|
— | 93.9% |
| Mar 25, 2022 | CVE-2018-8373 | Microsoft Internet Explorer Scripting Engine |
Microsoft Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
|
— | 82.5% |
| Mar 25, 2022 | CVE-2018-8414 | Microsoft Windows |
Microsoft Windows Shell Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.
|
— | 89.2% |
| Mar 25, 2022 | CVE-2019-0903 | Microsoft Graphics Device Interface (GDI) |
Microsoft GDI Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this…
|
— | 34.4% |
| Mar 25, 2022 |
CVE-2022-21999
Ransomware |
Microsoft Windows |
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.
|
— | 73.2% |
| Mar 15, 2022 |
CVE-2015-2546
Ransomware |
Microsoft Win32k |
Microsoft Win32k Memory Corruption Vulnerability
The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.
|
— | 40.6% |
| Mar 15, 2022 |
CVE-2016-3309
Ransomware |
Microsoft Windows |
Microsoft Windows Kernel Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run…
|
— | 43.2% |
| Mar 15, 2022 |
CVE-2017-0101
Ransomware |
Microsoft Windows |
Microsoft Windows Transaction Manager Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.
|
— | 72.3% |
| Mar 15, 2022 |
CVE-2018-8120
Ransomware |
Microsoft Win32k |
Microsoft Win32k Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
|
— | 94.1% |
| Mar 15, 2022 |
CVE-2019-0543
Ransomware |
Microsoft Windows |
Microsoft Windows Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes …
|
— | 42.7% |
| Mar 15, 2022 |
CVE-2019-0841
Ransomware |
Microsoft Windows |
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an…
|
— | 82.7% |
| Mar 15, 2022 |
CVE-2019-1064
Ransomware |
Microsoft Windows |
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an…
|
— | 11.8% |
| Mar 15, 2022 |
CVE-2019-1069
Ransomware |
Microsoft Task Scheduler |
Microsoft Task Scheduler Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.
|
— | 32.5% |
| Mar 15, 2022 |
CVE-2019-1129
Ransomware |
Microsoft Windows |
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an…
|
— | 2.1% |
| Mar 15, 2022 | CVE-2019-1132 | Microsoft Win32k |
Microsoft Win32k Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
|
— | 36.5% |
| Mar 15, 2022 |
CVE-2019-1253
Ransomware |
Microsoft Windows |
Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.
|
— | 27.7% |
| Mar 15, 2022 |
CVE-2019-1315
Ransomware |
Microsoft Windows |
Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could ove…
|
— | 7.6% |
| Mar 15, 2022 |
CVE-2019-1322
Ransomware |
Microsoft Windows |
Microsoft Windows Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes …
|
— | 36.5% |
| Mar 15, 2022 |
CVE-2019-1405
Ransomware |
Microsoft Windows |
Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.
|
— | 53.9% |
| Mar 7, 2022 |
CVE-2009-3960
Ransomware |
Adobe BlazeDS |
Adobe BlazeDS Information Disclosure Vulnerability
Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.
|
— | 90.4% |
| Mar 7, 2022 | CVE-2013-0625 | Adobe ColdFusion |
Adobe ColdFusion Authentication Bypass Vulnerability
Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.
|
— | 78.3% |
| Mar 7, 2022 | CVE-2013-0629 | Adobe ColdFusion |
Adobe ColdFusion Directory Traversal Vulnerability
Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.
|
— | 81.8% |
| Mar 7, 2022 | CVE-2013-0631 | Adobe ColdFusion |
Adobe ColdFusion Information Disclosure Vulnerability
Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.
|
— | 81.6% |
| Mar 7, 2022 | CVE-2019-11581 | Atlassian Jira Server and Data Center |
Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability
Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.
|
— | 94.4% |
| Mar 7, 2022 | CVE-2022-26485 | Mozilla Firefox |
Mozilla Firefox Use-After-Free Vulnerability
Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution.
|
— | 2.9% |
| Mar 7, 2022 | CVE-2022-26486 | Mozilla Firefox |
Mozilla Firefox Use-After-Free Vulnerability
Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution.
|
— | 2.5% |
| Mar 3, 2022 | CVE-2002-0367 | Microsoft Windows |
Microsoft Windows Privilege Escalation Vulnerability
smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM …
|
— | 1.2% |
| Mar 3, 2022 | CVE-2004-0210 | Microsoft Windows |
Microsoft Windows Privilege Escalation Vulnerability
A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system.
|
— | 6.8% |
| Mar 3, 2022 |
CVE-2008-2992
Ransomware |
Adobe Acrobat and Reader |
Adobe Reader and Acrobat Input Validation Vulnerability
Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.
|
— | 93.7% |
| Mar 3, 2022 | CVE-2009-1123 | Microsoft Windows |
Microsoft Windows Improper Input Validation Vulnerability
The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application.
|
— | 5.2% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.