Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Mar 3, 2022 | CVE-2009-3129 | Microsoft Excel |
Microsoft Excel Featheader Record Memory Corruption Vulnerability
Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a poi…
|
— | 91.2% |
| Mar 3, 2022 |
CVE-2010-0188
Ransomware |
Adobe Reader and Acrobat |
Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability
Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.
|
— | 93.6% |
| Mar 3, 2022 | CVE-2010-0232 | Microsoft Windows |
Microsoft Windows Kernel Exception Handler Vulnerability
The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to…
|
— | 75.2% |
| Mar 3, 2022 | CVE-2010-3333 | Microsoft Office |
Microsoft Office Stack-based Buffer Overflow Vulnerability
A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.
|
— | 93.8% |
| Mar 3, 2022 | CVE-2011-0611 | Adobe Flash Player |
Adobe Flash Player Remote Code Execution Vulnerability
Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.
|
— | 93.5% |
| Mar 3, 2022 | CVE-2011-1889 | Microsoft Forefront Threat Management Gateway (TMG) |
Microsoft Forefront TMG Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security cont…
|
— | 88.1% |
| Mar 3, 2022 | CVE-2012-1535 | Adobe Flash Player |
Adobe Flash Player Arbitrary Code Execution Vulnerability
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.
|
— | 91.6% |
| Mar 3, 2022 | CVE-2012-1856 | Microsoft Office |
Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web pag…
|
— | 91.6% |
| Mar 3, 2022 | CVE-2013-0632 | Adobe ColdFusion |
Adobe ColdFusion Authentication Bypass Vulnerability
An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.
|
— | 92.7% |
| Mar 3, 2022 | CVE-2013-0640 | Adobe Reader and Acrobat |
Adobe Reader and Acrobat Memory Corruption Vulnerability
An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.
|
— | 92.3% |
| Mar 3, 2022 | CVE-2013-0641 | Adobe Reader |
Adobe Reader Buffer Overflow Vulnerability
A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.
|
— | 88.0% |
| Mar 3, 2022 | CVE-2013-1347 | Microsoft Internet Explorer |
Microsoft Internet Explorer Remote Code Execution Vulnerability
This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.
|
— | 87.7% |
| Mar 3, 2022 | CVE-2013-1675 | Mozilla Firefox |
Mozilla Firefox Information Disclosure Vulnerability
Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to…
|
— | 7.9% |
| Mar 3, 2022 | CVE-2013-3346 | Adobe Reader and Acrobat |
Adobe Reader and Acrobat Memory Corruption Vulnerability
Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.
|
— | 89.6% |
| Mar 3, 2022 | CVE-2013-3897 | Microsoft Internet Explorer |
Microsoft Internet Explorer Use-After-Free Vulnerability
A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code.
|
— | 88.2% |
| Mar 3, 2022 | CVE-2013-5065 | Microsoft Windows |
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges.
|
— | 73.0% |
| Mar 3, 2022 | CVE-2014-0496 | Adobe Reader and Acrobat |
Adobe Reader and Acrobat Use-After-Free Vulnerability
Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.
|
— | 71.1% |
| Mar 3, 2022 | CVE-2014-4114 | Microsoft Windows |
Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability
A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object.
|
— | 92.5% |
| Mar 3, 2022 | CVE-2015-1642 | Microsoft Office |
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.
|
— | 72.9% |
| Mar 3, 2022 |
CVE-2015-1701
Ransomware |
Microsoft Win32k |
Microsoft Win32k Privilege Escalation Vulnerability
An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privilege…
|
— | 90.4% |
| Mar 3, 2022 | CVE-2015-2387 | Microsoft ATM Font Driver |
Microsoft ATM Font Driver Privilege Escalation Vulnerability
ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.
|
— | 24.7% |
| Mar 3, 2022 | CVE-2015-2424 | Microsoft PowerPoint |
Microsoft PowerPoint Memory Corruption Vulnerability
Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.
|
— | 64.5% |
| Mar 3, 2022 | CVE-2015-2545 | Microsoft Office |
Microsoft Office Malformed EPS File Vulnerability
Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.
|
— | 93.2% |
| Mar 3, 2022 | CVE-2015-3043 | Adobe Flash Player |
Adobe Flash Player Memory Corruption Vulnerability
A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.
|
— | 87.4% |
| Mar 3, 2022 | CVE-2015-5119 | Adobe Flash Player |
Adobe Flash Player Use-After-Free Vulnerability
A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.
|
— | 93.2% |
| Mar 3, 2022 |
CVE-2015-7645
Ransomware |
Adobe Flash Player |
Adobe Flash Player Arbitrary Code Execution Vulnerability
Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.
|
— | 85.2% |
| Mar 3, 2022 |
CVE-2016-0099
Ransomware |
Microsoft Windows |
Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who success…
|
— | 90.4% |
| Mar 3, 2022 |
CVE-2016-1019
Ransomware |
Adobe Flash Player |
Adobe Flash Player Arbitrary Code Execution Vulnerability
Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.
|
— | 56.7% |
| Mar 3, 2022 | CVE-2016-4117 | Adobe Flash Player |
Adobe Flash Player Arbitrary Code Execution Vulnerability
An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.
|
— | 93.0% |
| Mar 3, 2022 | CVE-2016-7193 | Microsoft Office |
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution.
|
— | 73.8% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.