Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 481–510 of 667 CVEs · Page 17 of 23 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Mar 3, 2022 CVE-2016-7262 Microsoft Excel
endpoint m365 smb essential
Microsoft Office Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary com…
88.2%
Mar 3, 2022 CVE-2016-7855 Adobe Flash Player
smb essential
Adobe Flash Player Use-After-Free Vulnerability
Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.
59.0%
Mar 3, 2022 CVE-2017-0001 Microsoft Graphics Device Interface (GDI)
endpoint m365 smb essential
Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1…
47.8%
Mar 3, 2022 CVE-2017-0261 Microsoft Office
endpoint m365 smb essential
Microsoft Office Use-After-Free Vulnerability
Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.
92.3%
Mar 3, 2022 CVE-2017-11292 Adobe Flash Player
smb essential
Adobe Flash Player Type Confusion Vulnerability
Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.
34.4%
Mar 3, 2022 CVE-2017-11826 Microsoft Office
endpoint m365 smb essential
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the …
91.7%
Mar 3, 2022 CVE-2017-8540 Microsoft Malware Protection Engine
endpoint m365 smb essential
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows …
79.4%
Mar 3, 2022 CVE-2018-8581
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of …
91.8%
Mar 3, 2022 CVE-2019-1297 Microsoft Excel
endpoint m365 smb essential
Microsoft Excel Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.
40.7%
Mar 3, 2022 CVE-2021-41379
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Installer Privilege Escalation Vulnerability
Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.
1.0%
Feb 25, 2022 CVE-2014-6352 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Code Injection Vulnerability
Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object.
90.7%
Feb 25, 2022 CVE-2017-0222 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
65.3%
Feb 25, 2022 CVE-2017-8570 Microsoft Office
endpoint m365 smb essential
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.
94.2%
Feb 15, 2022 CVE-2013-3906 Microsoft Graphics Component
endpoint m365 smb essential
Microsoft Graphics Component Memory Corruption Vulnerability
Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution.
92.4%
Feb 15, 2022 CVE-2014-1761 Microsoft Word
endpoint m365 smb essential
Microsoft Word Memory Corruption Vulnerability
Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution.
93.3%
Feb 15, 2022 CVE-2018-15982
Ransomware
Adobe Flash Player
smb essential
Adobe Flash Player Use-After-Free Vulnerability
Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability
93.6%
Feb 15, 2022 CVE-2018-8174
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"
94.3%
Feb 15, 2022 CVE-2019-0752
Ransomware
Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Type Confusion Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer
91.5%
Feb 15, 2022 CVE-2022-0609 Google Chromium Animation
browser smb essential
Google Chromium Animation Use-After-Free Vulnerability
Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
49.0%
Feb 15, 2022 CVE-2022-24086 Adobe Commerce and Magento Open Source
smb essential
Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.
93.7%
Feb 11, 2022 CVE-2022-22620 Apple iOS, iPadOS, and macOS
browser endpoint mobile smb essential
Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could i…
4.0%
Feb 10, 2022 CVE-2014-4404 Apple OS X
endpoint mobile smb essential
Apple OS X Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.
62.0%
Feb 10, 2022 CVE-2015-1130 Apple OS X
endpoint mobile smb essential
Apple OS X Authentication Bypass Vulnerability
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges.
23.4%
Feb 10, 2022 CVE-2015-1635 Microsoft HTTP.sys
endpoint m365 smb essential
Microsoft HTTP.sys Remote Code Execution Vulnerability
Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.
94.3%
Feb 10, 2022 CVE-2017-0144
Ransomware
Microsoft SMBv1
endpoint m365 smb essential
Microsoft SMBv1 Remote Code Execution Vulnerability
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
94.3%
Feb 10, 2022 CVE-2017-0145
Ransomware
Microsoft SMBv1
endpoint m365 smb essential
Microsoft SMBv1 Remote Code Execution Vulnerability
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
93.3%
Feb 10, 2022 CVE-2017-0262 Microsoft Office
endpoint m365 smb essential
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office.
65.0%
Feb 10, 2022 CVE-2017-0263 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory.
20.8%
Feb 10, 2022 CVE-2017-8464 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file
93.9%
Feb 10, 2022 CVE-2020-0796
Ransomware
Microsoft SMBv3
endpoint m365 smb essential
Microsoft SMBv3 Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully explo…
94.4%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.