Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 451–480 of 667 CVEs · Page 16 of 23 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Mar 3, 2022 CVE-2009-3129 Microsoft Excel
endpoint m365 smb essential
Microsoft Excel Featheader Record Memory Corruption Vulnerability
Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a poi…
91.2%
Mar 3, 2022 CVE-2010-0188
Ransomware
Adobe Reader and Acrobat
smb essential
Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability
Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.
93.6%
Mar 3, 2022 CVE-2010-0232 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Exception Handler Vulnerability
The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to…
75.2%
Mar 3, 2022 CVE-2010-3333 Microsoft Office
endpoint m365 smb essential
Microsoft Office Stack-based Buffer Overflow Vulnerability
A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.
93.8%
Mar 3, 2022 CVE-2011-0611 Adobe Flash Player
smb essential
Adobe Flash Player Remote Code Execution Vulnerability
Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.
93.5%
Mar 3, 2022 CVE-2011-1889 Microsoft Forefront Threat Management Gateway (TMG)
endpoint m365 smb essential
Microsoft Forefront TMG Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security cont…
88.1%
Mar 3, 2022 CVE-2012-1535 Adobe Flash Player
smb essential
Adobe Flash Player Arbitrary Code Execution Vulnerability
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.
91.6%
Mar 3, 2022 CVE-2012-1856 Microsoft Office
endpoint m365 smb essential
Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web pag…
91.6%
Mar 3, 2022 CVE-2013-0632 Adobe ColdFusion
smb essential
Adobe ColdFusion Authentication Bypass Vulnerability
An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.
92.7%
Mar 3, 2022 CVE-2013-0640 Adobe Reader and Acrobat
smb essential
Adobe Reader and Acrobat Memory Corruption Vulnerability
An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.
92.3%
Mar 3, 2022 CVE-2013-0641 Adobe Reader
smb essential
Adobe Reader Buffer Overflow Vulnerability
A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.
88.0%
Mar 3, 2022 CVE-2013-1347 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Remote Code Execution Vulnerability
This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.
87.7%
Mar 3, 2022 CVE-2013-1675 Mozilla Firefox
browser smb essential
Mozilla Firefox Information Disclosure Vulnerability
Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to…
7.9%
Mar 3, 2022 CVE-2013-3346 Adobe Reader and Acrobat
smb essential
Adobe Reader and Acrobat Memory Corruption Vulnerability
Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.
89.6%
Mar 3, 2022 CVE-2013-3897 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Use-After-Free Vulnerability
A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code.
88.2%
Mar 3, 2022 CVE-2013-5065 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges.
73.0%
Mar 3, 2022 CVE-2014-0496 Adobe Reader and Acrobat
smb essential
Adobe Reader and Acrobat Use-After-Free Vulnerability
Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.
71.1%
Mar 3, 2022 CVE-2014-4114 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability
A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object.
92.5%
Mar 3, 2022 CVE-2015-1642 Microsoft Office
endpoint m365 smb essential
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.
72.9%
Mar 3, 2022 CVE-2015-1701
Ransomware
Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privilege…
90.4%
Mar 3, 2022 CVE-2015-2387 Microsoft ATM Font Driver
endpoint m365 smb essential
Microsoft ATM Font Driver Privilege Escalation Vulnerability
ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.
24.7%
Mar 3, 2022 CVE-2015-2424 Microsoft PowerPoint
endpoint m365 smb essential
Microsoft PowerPoint Memory Corruption Vulnerability
Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.
64.5%
Mar 3, 2022 CVE-2015-2545 Microsoft Office
endpoint m365 smb essential
Microsoft Office Malformed EPS File Vulnerability
Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.
93.2%
Mar 3, 2022 CVE-2015-3043 Adobe Flash Player
smb essential
Adobe Flash Player Memory Corruption Vulnerability
A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.
87.4%
Mar 3, 2022 CVE-2015-5119 Adobe Flash Player
smb essential
Adobe Flash Player Use-After-Free Vulnerability
A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.
93.2%
Mar 3, 2022 CVE-2015-7645
Ransomware
Adobe Flash Player
smb essential
Adobe Flash Player Arbitrary Code Execution Vulnerability
Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.
85.2%
Mar 3, 2022 CVE-2016-0099
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who success…
90.4%
Mar 3, 2022 CVE-2016-1019
Ransomware
Adobe Flash Player
smb essential
Adobe Flash Player Arbitrary Code Execution Vulnerability
Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.
56.7%
Mar 3, 2022 CVE-2016-4117 Adobe Flash Player
smb essential
Adobe Flash Player Arbitrary Code Execution Vulnerability
An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.
93.0%
Mar 3, 2022 CVE-2016-7193 Microsoft Office
endpoint m365 smb essential
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution.
73.8%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.