Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 511–540 of 1,619 CVEs · Page 18 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
May 16, 2024 CVE-2021-40655 D-Link DIR-605 Router
network
D-Link DIR-605 Router Information Disclosure Vulnerability
D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page.
92.6%
May 16, 2024 CVE-2024-4761 Google Chromium V8
browser smb essential
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability
Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that util…
3.0%
May 14, 2024 CVE-2024-30040 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass.
28.7%
May 14, 2024 CVE-2024-30051
Ransomware
Microsoft DWM Core Library
endpoint m365 smb essential
Microsoft DWM Core Library Privilege Escalation Vulnerability
Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.
48.1%
May 13, 2024 CVE-2024-4671 Google Chromium
browser smb essential
Google Chromium Visuals Use-After-Free Vulnerability
Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect m…
0.6%
May 1, 2024 CVE-2023-7028 GitLab GitLab CE/EE
enterprise smb essential
GitLab Community and Enterprise Editions Improper Access Control Vulnerability
GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified ema…
93.4%
Apr 30, 2024 CVE-2024-29988 Microsoft SmartScreen Prompt
endpoint m365 smb essential
Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability
Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chain…
62.8%
Apr 24, 2024 CVE-2024-20353 Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
network
Cisco ASA and FTD Denial of Service Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an infinite loop vulnerability that can lead to remote denial of service condition.
18.8%
Apr 24, 2024 CVE-2024-20359 Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
network
Cisco ASA and FTD Privilege Escalation Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrato…
0.1%
Apr 24, 2024 CVE-2024-4040 CrushFTP CrushFTP
CrushFTP VFS Sandbox Escape Vulnerability
CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS).
94.4%
Apr 23, 2024 CVE-2022-38028 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permis…
3.9%
Apr 12, 2024 CVE-2024-3400
Ransomware
Palo Alto Networks PAN-OS
network vpn remote
Palo Alto Networks PAN-OS Command Injection Vulnerability
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the …
94.3%
Apr 11, 2024 CVE-2024-3272 D-Link Multiple NAS Devices
network
D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthoriz…
94.1%
Apr 11, 2024 CVE-2024-3273 D-Link Multiple NAS Devices
network
D-Link Multiple NAS Devices Command Injection Vulnerability
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution.
94.4%
Apr 4, 2024 CVE-2024-29745 Android Pixel
mobile
Android Pixel Information Disclosure Vulnerability
Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.
0.2%
Apr 4, 2024 CVE-2024-29748 Android Pixel
mobile
Android Pixel Privilege Escalation Vulnerability
Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app.
0.4%
Mar 26, 2024 CVE-2023-24955
Ransomware
Microsoft SharePoint Server
endpoint m365 smb essential
Microsoft SharePoint Server Code Injection Vulnerability
Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.
91.8%
Mar 25, 2024 CVE-2019-7256 Nice Linear eMerge E3-Series
Nice Linear eMerge E3-Series OS Command Injection Vulnerability
Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution.
94.4%
Mar 25, 2024 CVE-2021-44529
Ransomware
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA)
endpoint vpn remote
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permis…
94.5%
Mar 25, 2024 CVE-2023-48788
Ransomware
Fortinet FortiClient EMS
network vpn remote
Fortinet FortiClient EMS SQL Injection Vulnerability
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
94.1%
Mar 7, 2024 CVE-2024-27198
Ransomware
JetBrains TeamCity
JetBrains TeamCity Authentication Bypass Vulnerability
JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.
93.0%
Mar 6, 2024 CVE-2024-23225 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to b…
0.2%
Mar 6, 2024 CVE-2024-23296 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kerne…
0.3%
Mar 5, 2024 CVE-2021-36380 Sunhillo SureLine
Sunhillo SureLine OS Command Injection Vulnerablity
Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shel…
93.6%
Mar 5, 2024 CVE-2023-21237 Android Pixel
mobile
Android Pixel Information Disclosure Vulnerability
Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. Thi…
1.0%
Mar 4, 2024 CVE-2024-21338
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability
Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a…
79.4%
Feb 29, 2024 CVE-2023-29360 Microsoft Streaming Service
endpoint m365 smb essential
Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability
Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
30.3%
Feb 22, 2024 CVE-2024-1709
Ransomware
ConnectWise ScreenConnect
enterprise smb essential
ConnectWise ScreenConnect Authentication Bypass Vulnerability
ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-le…
94.4%
Feb 15, 2024 CVE-2020-3259
Ransomware
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
network
Cisco ASA and FTD Information Disclosure Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affect…
69.7%
Feb 15, 2024 CVE-2024-21410 Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Privilege Escalation Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
6.1%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.