Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Nov 3, 2021 | CVE-2018-15961 | Adobe ColdFusion | Adobe ColdFusion Unrestricted File Upload Vulnerability: Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution. | — | 94.4% |
| Nov 3, 2021 | CVE-2018-4878 (Ransomware) | Adobe Flash Player | Adobe Flash Player Use-After-Free Vulnerability: Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution. | — | 93.5% |
| Nov 3, 2021 | CVE-2018-4939 | Adobe ColdFusion | Adobe ColdFusion Deserialization of Untrusted Data Vulnerability: Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution. | — | 50.5% |
| Nov 3, 2021 | CVE-2018-8653 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution. | — | 35.6% |
| Nov 3, 2021 | CVE-2019-0541 | Microsoft MSHTML | Microsoft MSHTML Remote Code Execution Vulnerability: Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution. | — | 87.2% |
| Nov 3, 2021 | CVE-2019-0604 (Ransomware) | Microsoft SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability: Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of th… | — | 94.4% |
| Nov 3, 2021 | CVE-2019-0708 (Ransomware) | Microsoft Remote Desktop Services | Microsoft Remote Desktop Services Remote Code Execution Vulnerability: Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target syste… | — | 94.5% |
| Nov 3, 2021 | CVE-2019-0797 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to … | — | 4.5% |
| Nov 3, 2021 | CVE-2019-0803 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attac… | — | 88.8% |
| Nov 3, 2021 | CVE-2019-0808 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run… | — | 74.0% |
| Nov 3, 2021 | CVE-2019-0859 | Microsoft Win32k | Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode. | — | 10.6% |
| Nov 3, 2021 | CVE-2019-0863 | Microsoft Windows | Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability: Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode. | — | 6.2% |
| Nov 3, 2021 | CVE-2019-11580 (Ransomware) | Atlassian Crowd and Crowd Data Center | Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability: Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds. | — | 94.4% |
| Nov 3, 2021 | CVE-2019-11634 (Ransomware) | Citrix Workspace Application and Receiver for Windows | Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability: Citrix Workspace Application and Receiver for Windows contains a remote code execution vulnerability resulting from local drive access preferences not being enforced into the client… | — | 52.4% |
| Nov 3, 2021 | CVE-2019-1214 | Microsoft Windows | Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability: Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation. | — | 3.7% |
| Nov 3, 2021 | CVE-2019-1215 (Ransomware) | Microsoft Windows | Microsoft Windows Privilege Escalation Vulnerability: Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation … | — | 5.2% |
| Nov 3, 2021 | CVE-2019-1367 (Ransomware) | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execut… | — | 90.7% |
| Nov 3, 2021 | CVE-2019-1429 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user. | — | 83.0% |
| Nov 3, 2021 | CVE-2019-17026 | Mozilla Firefox and Thunderbird | Mozilla Firefox And Thunderbird Type Confusion Vulnerability: Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements. | — | 56.2% |
| Nov 3, 2021 | CVE-2019-3396 (Ransomware) | Atlassian Confluence Server and Data Server | Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability: Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution. | — | 94.5% |
| Nov 3, 2021 | CVE-2019-3398 | Atlassian Confluence Server and Data Center | Atlassian Confluence Server and Data Center Path Traversal Vulnerability: Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write fil… | — | 93.9% |
| Nov 3, 2021 | CVE-2019-6223 | Apple iOS and macOS | Apple iOS and macOS Group Facetime Vulnerability: Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user inte… | — | 0.4% |
| Nov 3, 2021 | CVE-2019-9978 | WordPress Social Warfare Plugin | WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability: WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social War… | — | 88.1% |
| Nov 3, 2021 | CVE-2020-0601 | Microsoft Windows | Microsoft Windows CryptoAPI Spoofing Vulnerability: Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the v… | — | 94.1% |
| Nov 3, 2021 | CVE-2020-0646 | Microsoft .NET Framework | Microsoft .NET Framework Remote Code Execution Vulnerability: Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution. | — | 93.9% |
| Nov 3, 2021 | CVE-2020-0674 | Microsoft Internet Explorer | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote co… | — | 93.6% |
| Nov 3, 2021 | CVE-2020-0683 | Microsoft Windows | Microsoft Windows Installer Privilege Escalation Vulnerability: Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or … | — | 31.3% |
| Nov 3, 2021 | CVE-2020-0688 (Ransomware) | Microsoft Exchange Server | Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability: Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution. | — | 94.4% |
| Nov 3, 2021 | CVE-2020-0878 (Ransomware) | Microsoft Edge and Internet Explorer | Microsoft Edge and Internet Explorer Memory Corruption Vulnerability: Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user. | — | 5.3% |
| Nov 3, 2021 | CVE-2020-0938 | Microsoft Windows | Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability: Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows … | — | 87.0% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.