Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 541–570 of 667 CVEs · Page 19 of 23 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Nov 3, 2021 CVE-2018-15961 Adobe ColdFusion
smb essential
Adobe ColdFusion Unrestricted File Upload Vulnerability
Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.
94.4%
Nov 3, 2021 CVE-2018-4878
Ransomware
Adobe Flash Player
smb essential
Adobe Flash Player Use-After-Free Vulnerability
Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.
93.5%
Nov 3, 2021 CVE-2018-4939 Adobe ColdFusion
smb essential
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.
50.5%
Nov 3, 2021 CVE-2018-8653 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
35.6%
Nov 3, 2021 CVE-2019-0541 Microsoft MSHTML
endpoint m365 smb essential
Microsoft MSHTML Remote Code Execution Vulnerability
Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability.
87.2%
Nov 3, 2021 CVE-2019-0604
Ransomware
Microsoft SharePoint
endpoint m365 smb essential
Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of th…
94.4%
Nov 3, 2021 CVE-2019-0708
Ransomware
Microsoft Remote Desktop Services
endpoint m365 smb essential
Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target syste…
94.5%
Nov 3, 2021 CVE-2019-0797 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to …
4.5%
Nov 3, 2021 CVE-2019-0803 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attac…
88.8%
Nov 3, 2021 CVE-2019-0808 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run…
74.0%
Nov 3, 2021 CVE-2019-0859 Microsoft Win32k
endpoint m365 smb essential
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.
10.6%
Nov 3, 2021 CVE-2019-0863 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability
Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode.
6.2%
Nov 3, 2021 CVE-2019-11580
Ransomware
Atlassian Crowd and Crowd Data Center
enterprise smb essential
Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability
Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds.
94.4%
Nov 3, 2021 CVE-2019-11634
Ransomware
Citrix Workspace Application and Receiver for Windows
endpoint enterprise smb essential vpn remote
Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability
Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the client…
52.4%
Nov 3, 2021 CVE-2019-1214 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation.
3.7%
Nov 3, 2021 CVE-2019-1215
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation …
5.2%
Nov 3, 2021 CVE-2019-1367
Ransomware
Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execut…
90.7%
Nov 3, 2021 CVE-2019-1429 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
83.0%
Nov 3, 2021 CVE-2019-17026 Mozilla Firefox and Thunderbird
browser smb essential
Mozilla Firefox And Thunderbird Type Confusion Vulnerability
Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements.
56.2%
Nov 3, 2021 CVE-2019-3396
Ransomware
Atlassian Confluence Server and Data Server
enterprise smb essential
Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability
Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution.
94.5%
Nov 3, 2021 CVE-2019-3398 Atlassian Confluence Server and Data Center
enterprise smb essential
Atlassian Confluence Server and Data Center Path Traversal Vulnerability
Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write fil…
93.9%
Nov 3, 2021 CVE-2019-6223 Apple iOS and macOS
endpoint mobile smb essential
Apple iOS and macOS Group Facetime Vulnerability
Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user inte…
0.4%
Nov 3, 2021 CVE-2019-9978 WordPress Social Warfare Plugin
smb essential web server
WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability
WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social War…
88.1%
Nov 3, 2021 CVE-2020-0601 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows CryptoAPI Spoofing Vulnerability
Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the v…
94.1%
Nov 3, 2021 CVE-2020-0646 Microsoft .NET Framework
endpoint m365 smb essential
Microsoft .NET Framework Remote Code Execution Vulnerability
Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution.
93.9%
Nov 3, 2021 CVE-2020-0674 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote co…
93.6%
Nov 3, 2021 CVE-2020-0683 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Installer Privilege Escalation Vulnerability
Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or …
31.3%
Nov 3, 2021 CVE-2020-0688
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability
Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.
94.4%
Nov 3, 2021 CVE-2020-0878
Ransomware
Microsoft Edge and Internet Explorer
browser endpoint m365 smb essential
Microsoft Edge and Internet Explorer Memory Corruption Vulnerability
Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user.
5.3%
Nov 3, 2021 CVE-2020-0938 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows …
87.0%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.