Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 451–480 of 1,619 CVEs · Page 16 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Sep 13, 2024 CVE-2024-8190 Ivanti Cloud Services Appliance
endpoint vpn remote
Ivanti Cloud Services Appliance OS Command Injection Vulnerability
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin…
91.9%
Sep 10, 2024 CVE-2024-38014 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Installer Improper Privilege Management Vulnerability
Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.
12.8%
Sep 10, 2024 CVE-2024-38217 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability
Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited …
13.8%
Sep 10, 2024 CVE-2024-38226 Microsoft Publisher
endpoint m365 smb essential
Microsoft Publisher Protection Mechanism Failure Vulnerability
Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.
1.4%
Sep 9, 2024 CVE-2016-3714 ImageMagick ImageMagick
ImageMagick Improper Input Validation Vulnerability
ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to exec…
93.6%
Sep 9, 2024 CVE-2017-1000253
Ransomware
Linux Kernel
server os
Linux Kernel PIE Stack Buffer Corruption Vulnerability
Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to escalate privileges.
57.3%
Sep 9, 2024 CVE-2024-40766
Ransomware
SonicWall SonicOS
network vpn remote
SonicWall SonicOS Improper Access Control Vulnerability
SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
3.4%
Sep 3, 2024 CVE-2021-20123 DrayTek VigorConnect
Draytek VigorConnect Path Traversal Vulnerability
Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitra…
93.5%
Sep 3, 2024 CVE-2021-20124 DrayTek VigorConnect
Draytek VigorConnect Path Traversal Vulnerability
Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnera…
93.6%
Sep 3, 2024 CVE-2024-7262 Kingsoft WPS Office
smb essential
Kingsoft WPS Office Path Traversal Vulnerability
Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.
9.7%
Aug 28, 2024 CVE-2024-7965 Google Chromium V8
browser smb essential
Google Chromium V8 Inappropriate Implementation Vulnerability
Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulner…
22.8%
Aug 27, 2024 CVE-2024-38856 Apache OFBiz
web server
Apache OFBiz Incorrect Authorization Vulnerability
Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthent…
94.4%
Aug 26, 2024 CVE-2024-7971 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multip…
1.9%
Aug 23, 2024 CVE-2024-39717 Versa Director
Versa Director Dangerous File Type Upload Vulnerability
The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center…
5.4%
Aug 21, 2024 CVE-2021-31196 Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.
3.3%
Aug 21, 2024 CVE-2021-33044 Dahua IP Camera Firmware
Dahua IP Camera Authentication Bypass Vulnerability
Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication.
94.3%
Aug 21, 2024 CVE-2021-33045 Dahua IP Camera Firmware
Dahua IP Camera Authentication Bypass Vulnerability
Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.
94.2%
Aug 21, 2024 CVE-2022-0185 Linux Kernel
server os
Linux Kernel Heap-Based Buffer Overflow Vulnerability
Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a file…
1.9%
Aug 19, 2024 CVE-2024-23897
Ransomware
Jenkins Jenkins Command Line Interface (CLI)
Jenkins Command Line Interface (CLI) Path Traversal Vulnerability
Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.
94.5%
Aug 15, 2024 CVE-2024-28986 SolarWinds Web Help Desk
enterprise
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.
80.2%
Aug 13, 2024 CVE-2024-38106 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation o…
0.8%
Aug 13, 2024 CVE-2024-38107 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability
Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges.
3.4%
Aug 13, 2024 CVE-2024-38178 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Scripting Engine Memory Corruption Vulnerability
Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL.
30.2%
Aug 13, 2024 CVE-2024-38189 Microsoft Project
endpoint m365 smb essential
Microsoft Project Remote Code Execution Vulnerability
Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file.
43.7%
Aug 13, 2024 CVE-2024-38193 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability
Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privil…
73.2%
Aug 13, 2024 CVE-2024-38213 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file.
59.3%
Aug 7, 2024 CVE-2024-32113 Apache OFBiz
web server
Apache OFBiz Path Traversal Vulnerability
Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution.
94.0%
Aug 7, 2024 CVE-2024-36971 Android Kernel
mobile
Android Kernel Remote Code Execution Vulnerability
Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, incl…
0.4%
Aug 5, 2024 CVE-2018-0824 Microsoft Windows
endpoint m365 smb essential
Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability
Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or…
91.5%
Jul 30, 2024 CVE-2024-37085
Ransomware
VMware ESXi
enterprise
VMware ESXi Authentication Bypass Vulnerability
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was prev…
80.3%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.