Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 751–780 of 1,619 CVEs · Page 26 of 54 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Jan 17, 2023 CVE-2022-44877 CWP Control Web Panel
CWP Control Web Panel OS Command Injection Vulnerability
CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the l…
94.5%
Jan 10, 2023 CVE-2022-41080
Ransomware
Microsoft Exchange Server
endpoint m365 smb essential
Microsoft Exchange Server Privilege Escalation Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote …
93.8%
Jan 10, 2023 CVE-2023-21674 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability
Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation.
19.7%
Dec 29, 2022 CVE-2018-18809 TIBCO JasperReports
TIBCO JasperReports Library Directory Traversal Vulnerability
TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access contents of the host system.
93.9%
Dec 29, 2022 CVE-2018-5430 TIBCO JasperReports
TIBCO JasperReports Server Information Disclosure Vulnerability
TIBCO JasperReports Server contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration file…
41.4%
Dec 14, 2022 CVE-2022-42856 Apple iOS
endpoint mobile smb essential
Apple iOS Type Confusion Vulnerability
Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution.
0.2%
Dec 13, 2022 CVE-2022-26500
Ransomware
Veeam Backup & Replication
enterprise
Veeam Backup & Replication Remote Code Execution Vulnerability
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the inter…
19.0%
Dec 13, 2022 CVE-2022-26501
Ransomware
Veeam Backup & Replication
enterprise
Veeam Backup & Replication Remote Code Execution Vulnerability
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the inter…
75.4%
Dec 13, 2022 CVE-2022-27518 Citrix Application Delivery Controller (ADC) and Gateway
enterprise vpn remote
Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability
Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker…
27.7%
Dec 13, 2022 CVE-2022-42475
Ransomware
Fortinet FortiOS
network vpn remote
Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or c…
94.0%
Dec 13, 2022 CVE-2022-44698
Ransomware
Microsoft Defender
endpoint m365 smb essential
Microsoft Defender SmartScreen Security Feature Bypass Vulnerability
Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malic…
67.2%
Dec 5, 2022 CVE-2022-4262 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
8.6%
Nov 28, 2022 CVE-2021-35587 Oracle Fusion Middleware
database enterprise
Oracle Fusion Middleware Unspecified Vulnerability
Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product.
94.3%
Nov 28, 2022 CVE-2022-4135 Google Chromium GPU
browser smb essential
Google Chromium GPU Heap Buffer Overflow Vulnerability
Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape …
0.1%
Nov 14, 2022 CVE-2022-41049 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
13.2%
Nov 8, 2022 CVE-2021-25337 Samsung Mobile Devices
mobile
Samsung Mobile Devices Improper Access Control Vulnerability
Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerabili…
0.8%
Nov 8, 2022 CVE-2021-25369 Samsung Mobile Devices
mobile
Samsung Mobile Devices Improper Access Control Vulnerability
Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to …
0.2%
Nov 8, 2022 CVE-2021-25370 Samsung Mobile Devices
mobile
Samsung Mobile Devices Memory Corruption Vulnerability
Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leadi…
0.5%
Nov 8, 2022 CVE-2022-41073
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
2.3%
Nov 8, 2022 CVE-2022-41091
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
6.3%
Nov 8, 2022 CVE-2022-41125 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
0.7%
Nov 8, 2022 CVE-2022-41128 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Scripting Languages Remote Code Execution Vulnerability
Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution.
39.2%
Oct 28, 2022 CVE-2022-3723 Google Chromium V8
browser smb essential
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
0.5%
Oct 25, 2022 CVE-2022-42827 Apple iOS and iPadOS
endpoint mobile smb essential
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges.
0.2%
Oct 24, 2022 CVE-2018-19320
Ransomware
GIGABYTE Multiple Products
GIGABYTE Multiple Products Unspecified Vulnerability
The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II exposes ring0 memcpy-like functionality that could allow a local atta…
34.5%
Oct 24, 2022 CVE-2018-19321
Ransomware
GIGABYTE Multiple Products
GIGABYTE Multiple Products Privilege Escalation Vulnerability
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physica…
37.9%
Oct 24, 2022 CVE-2018-19322
Ransomware
GIGABYTE Multiple Products
GIGABYTE Multiple Products Code Execution Vulnerability
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports…
2.9%
Oct 24, 2022 CVE-2018-19323
Ransomware
GIGABYTE Multiple Products
GIGABYTE Multiple Products Privilege Escalation Vulnerability
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical m…
14.7%
Oct 24, 2022 CVE-2020-3153
Ransomware
Cisco AnyConnect Secure
endpoint network smb essential vpn remote
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious…
25.1%
Oct 24, 2022 CVE-2020-3433
Ransomware
Cisco AnyConnect Secure
endpoint network smb essential vpn remote
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at …
3.9%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.