Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 31–60 of 531 CVEs · Page 2 of 18 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Feb 10, 2026 CVE-2026-21510 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Shell Protection Mechanism Failure Vulnerability
Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
7.1%
Feb 10, 2026 CVE-2026-21513 Microsoft Windows
endpoint m365 smb essential
Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
27.8%
Feb 10, 2026 CVE-2026-21514 Microsoft Office
endpoint m365 smb essential
Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
5.3%
Feb 10, 2026 CVE-2026-21519 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Type Confusion Vulnerability
Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
4.2%
Feb 10, 2026 CVE-2026-21525 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows NULL Pointer Dereference Vulnerability
Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
8.8%
Feb 10, 2026 CVE-2026-21533 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Improper Privilege Management Vulnerability
Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
19.1%
Jan 29, 2026 CVE-2026-1281 Ivanti Endpoint Manager Mobile (EPMM)
endpoint vpn remote
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
81.6%
Jan 26, 2026 CVE-2026-21509 Microsoft Office
endpoint m365 smb essential
Microsoft Office Security Feature Bypass Vulnerability
Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized atta…
7.9%
Jan 13, 2026 CVE-2026-20805 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Information Disclosure Vulnerability
Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.
2.3%
Jan 7, 2026 CVE-2009-0556 Microsoft Office
endpoint m365 smb essential
Microsoft Office PowerPoint Code Injection Vulnerability
Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom contain…
59.0%
Dec 15, 2025 CVE-2025-43529 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products Use-After-Free WebKit Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This…
0.2%
Dec 9, 2025 CVE-2025-62221 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Use After Free Vulnerability
Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.
1.5%
Nov 12, 2025 CVE-2025-62215 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Race Condition Vulnerability
Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vul…
2.4%
Oct 24, 2025 CVE-2025-59287 Microsoft Windows
endpoint m365 server os smb essential
Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.
66.2%
Oct 20, 2025 CVE-2022-48503 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Unspecified Vulnerability
Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impac…
0.2%
Oct 20, 2025 CVE-2025-33073 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SMB Client Improper Access Control Vulnerability
Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious s…
44.3%
Oct 14, 2025 CVE-2025-24990 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Untrusted Pointer Dereference Vulnerability
Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vuln…
2.8%
Oct 14, 2025 CVE-2025-59230 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Improper Access Control Vulnerability
Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges loca…
4.5%
Oct 6, 2025 CVE-2010-3962 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) a…
89.7%
Oct 6, 2025 CVE-2011-3402 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Remote Code Execution Vulnerability
Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute…
88.3%
Oct 6, 2025 CVE-2013-3918 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Out-of-Bounds Write Vulnerability
Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability …
88.5%
Oct 6, 2025 CVE-2021-43226 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Privilege Escalation Vulnerability
Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms.
8.4%
Aug 21, 2025 CVE-2025-43300 Apple iOS, iPadOS, and macOS
endpoint mobile smb essential
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
4.4%
Aug 18, 2025 CVE-2025-54948 Trend Micro Apex One
endpoint
Trend Micro Apex One OS Command Injection Vulnerability
Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code a…
13.9%
Aug 12, 2025 CVE-2007-0671 Microsoft Office
endpoint m365 smb essential
Microsoft Office Excel Remote Code Execution Vulnerability
Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered a…
52.3%
Aug 12, 2025 CVE-2013-3893 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Resource Management Errors Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-servic…
84.9%
Jul 22, 2025 CVE-2025-49704
Ransomware
Microsoft SharePoint
endpoint m365 smb essential
Microsoft SharePoint Code Injection Vulnerability
Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2…
59.6%
Jul 22, 2025 CVE-2025-49706
Ransomware
Microsoft SharePoint
endpoint m365 smb essential
Microsoft SharePoint Improper Authentication Vulnerability
Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow…
73.8%
Jul 20, 2025 CVE-2025-53770
Ransomware
Microsoft SharePoint
endpoint m365 smb essential
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This v…
88.2%
Jun 16, 2025 CVE-2025-43200 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Unspecified Vulnerability
Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.
0.9%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.