Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 31–60 of 667 CVEs · Page 2 of 23 · 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Feb 18, 2026 CVE-2021-22175 GitLab GitLab
enterprise smb essential
GitLab Server-Side Request Forgery (SSRF) Vulnerability
GitLab contains a server-side request forgery (SSRF) vulnerability when requests to the internal network for webhooks are enabled.
80.0%
Feb 17, 2026 CVE-2008-0015 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability
Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. W…
81.6%
Feb 17, 2026 CVE-2026-2441 Google Chromium
browser smb essential
Google Chromium CSS Use-After-Free Vulnerability
Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability c…
23.1%
Feb 12, 2026 CVE-2024-43468 Microsoft Configuration Manager
endpoint m365 smb essential
Microsoft Configuration Manager SQL Injection Vulnerability
Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the …
83.1%
Feb 12, 2026 CVE-2026-20700 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Buffer Overflow Vulnerability
Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with me…
0.5%
Feb 10, 2026 CVE-2026-21510 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Shell Protection Mechanism Failure Vulnerability
Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
7.1%
Feb 10, 2026 CVE-2026-21513 Microsoft Windows
endpoint m365 smb essential
Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
27.8%
Feb 10, 2026 CVE-2026-21514 Microsoft Office
endpoint m365 smb essential
Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
5.3%
Feb 10, 2026 CVE-2026-21519 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Type Confusion Vulnerability
Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
4.2%
Feb 10, 2026 CVE-2026-21525 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows NULL Pointer Dereference Vulnerability
Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
8.8%
Feb 10, 2026 CVE-2026-21533 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Improper Privilege Management Vulnerability
Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
19.1%
Feb 3, 2026 CVE-2021-39935 GitLab Community and Enterprise Editions
enterprise smb essential
GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability
GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized external users to perform Server Side Requests via the …
64.5%
Jan 26, 2026 CVE-2026-21509 Microsoft Office
endpoint m365 smb essential
Microsoft Office Security Feature Bypass Vulnerability
Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized atta…
7.9%
Jan 13, 2026 CVE-2026-20805 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Information Disclosure Vulnerability
Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.
2.3%
Jan 7, 2026 CVE-2009-0556 Microsoft Office
endpoint m365 smb essential
Microsoft Office PowerPoint Code Injection Vulnerability
Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom contain…
59.0%
Dec 15, 2025 CVE-2025-43529 Apple Multiple Products
browser endpoint mobile smb essential
Apple Multiple Products Use-After-Free WebKit Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This…
0.2%
Dec 12, 2025 CVE-2025-14174 Google Chromium
browser smb essential
Google Chromium Out of Bounds Memory Access Vulnerability
Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. T…
0.3%
Dec 9, 2025 CVE-2025-62221 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Use After Free Vulnerability
Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.
1.5%
Nov 19, 2025 CVE-2025-13223 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.
2.9%
Nov 12, 2025 CVE-2025-62215 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Race Condition Vulnerability
Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vul…
2.4%
Oct 24, 2025 CVE-2025-54236 Adobe Commerce and Magento
smb essential
Adobe Commerce and Magento Improper Input Validation Vulnerability
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
72.2%
Oct 24, 2025 CVE-2025-59287 Microsoft Windows
endpoint m365 server os smb essential
Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.
66.2%
Oct 20, 2025 CVE-2022-48503 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Unspecified Vulnerability
Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impac…
0.2%
Oct 20, 2025 CVE-2025-33073 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows SMB Client Improper Access Control Vulnerability
Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious s…
44.3%
Oct 15, 2025 CVE-2025-54253 Adobe Experience Manager (AEM) Forms
smb essential
Adobe Experience Manager Forms Code Execution Vulnerability
Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.
24.2%
Oct 14, 2025 CVE-2025-24990 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Untrusted Pointer Dereference Vulnerability
Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vuln…
2.8%
Oct 14, 2025 CVE-2025-59230 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Improper Access Control Vulnerability
Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges loca…
4.5%
Oct 6, 2025 CVE-2010-3765 Mozilla Multiple Products
browser smb essential
Mozilla Multiple Products Remote Code Execution Vulnerability
Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors rel…
86.8%
Oct 6, 2025 CVE-2010-3962 Microsoft Internet Explorer
endpoint m365 smb essential
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) a…
89.7%
Oct 6, 2025 CVE-2011-3402 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Remote Code Execution Vulnerability
Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute…
88.3%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.