Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Nov 3, 2021 |
CVE-2021-31207
Ransomware |
Microsoft Exchange Server |
Microsoft Exchange Server Security Feature Bypass Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.
|
— | 93.8% |
| Nov 3, 2021 | CVE-2021-31955 | Microsoft Windows |
Microsoft Windows Kernel Information Disclosure Vulnerability
Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memo…
|
— | 3.6% |
| Nov 3, 2021 | CVE-2021-31956 | Microsoft Windows |
Microsoft Windows NTFS Privilege Escalation Vulnerability
Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application.
|
— | 90.7% |
| Nov 3, 2021 | CVE-2021-31979 | Microsoft Windows |
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
|
— | 6.2% |
| Nov 3, 2021 | CVE-2021-33739 | Microsoft Windows |
Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.
|
— | 16.9% |
| Nov 3, 2021 | CVE-2021-33742 | Microsoft Windows |
Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.
|
— | 72.1% |
| Nov 3, 2021 | CVE-2021-33771 | Microsoft Windows |
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
|
— | 6.4% |
| Nov 3, 2021 | CVE-2021-34448 | Microsoft Windows |
Microsoft Windows Scripting Engine Memory Corruption Vulnerability
Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption.
|
— | 3.1% |
| Nov 3, 2021 |
CVE-2021-34473
Ransomware |
Microsoft Exchange Server |
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.
|
— | 94.2% |
| Nov 3, 2021 |
CVE-2021-34523
Ransomware |
Microsoft Exchange Server |
Microsoft Exchange Server Privilege Escalation Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
|
— | 94.0% |
| Nov 3, 2021 |
CVE-2021-34527
Ransomware |
Microsoft Windows |
Microsoft Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploit…
|
— | 94.2% |
| Nov 3, 2021 | CVE-2021-36741 | Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security |
Trend Micro Multiple Products Improper Input Validation Vulnerability
Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.
|
— | 0.7% |
| Nov 3, 2021 | CVE-2021-36742 | Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security |
Trend Micro Multiple Products Improper Input Validation Vulnerability
Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
|
— | 1.4% |
| Nov 3, 2021 |
CVE-2021-36942
Ransomware |
Microsoft Windows |
Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the dom…
|
— | 93.6% |
| Nov 3, 2021 | CVE-2021-36948 | Microsoft Windows |
Microsoft Windows Update Medic Service Privilege Escalation Vulnerability
Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.
|
— | 1.0% |
| Nov 3, 2021 |
CVE-2021-36955
Ransomware |
Microsoft Windows |
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
|
— | 20.7% |
| Nov 3, 2021 | CVE-2021-38645 | Microsoft Open Management Infrastructure (OMI) |
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation.
|
— | 11.6% |
| Nov 3, 2021 |
CVE-2021-38647
Ransomware |
Microsoft Open Management Infrastructure (OMI) |
Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.
|
— | 94.4% |
| Nov 3, 2021 | CVE-2021-38648 | Microsoft Open Management Infrastructure (OMI) |
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
|
— | 38.2% |
| Nov 3, 2021 | CVE-2021-38649 | Microsoft Open Management Infrastructure (OMI) |
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
|
— | 6.7% |
| Nov 3, 2021 |
CVE-2021-40444
Ransomware |
Microsoft MSHTML |
Microsoft MSHTML Remote Code Execution Vulnerability
Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution.
|
— | 94.3% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.